CVE-2025-20219: Improper Access Control in Cisco Adaptive Security Appliance Software

Severity
5.3 MEDIUM (NVD)
EPSS
0.0%
top 91.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Aug 14

Description

A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should have been blocked to a loopback interface. This vulnerability is due to improper enforcement of access control rules for loopback interfaces. An attacker could exploit this vulnerability by sending traffic to a lo

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages: 2 packages

Vulnerability Details (2)
CVEList
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Bypass Vulnerability (2025-08-14)
GHSA
GHSA-8x2f-w8fv-gqcm: A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Softw (2025-08-14)

Vendor Advisories (1)
Cisco
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Rules Bypass Vulnerability (2025-08-14)