CVE-2025-20222 — Classic Buffer Overflow in Cisco Firepower Threat Defense Software

CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

8.6HIGHNVD

EPSS

0.1%

top 65.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Threat Defense Software

Timeline

PublishedAug 14

Description

A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of IPv6 packets. An attacker could exploit this vulnerability by sending IPv6 packets over an IPsec VPN connection to an affected device. A successful exploit cou…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages1 packages

▶CVEListV5cisco/cisco_firepower_threat_defense_software88 versions+87

🔴Vulnerability Details

GHSA

GHSA-qwrq-hc6q-9r7j: A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Se↗2025-08-14

▶

CVEList

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Buffer Vulnerability↗2025-08-14

▶

📋Vendor Advisories

Cisco

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software for Firepower 2100 Series IPv6 over IPsec Denial of Service Vulnerability↗2025-08-14

▶