CVE-2025-20238

CWE-1244 CWE-1464 documents4 sources

Severity

6.0MEDIUM

EPSS

0.0%

top 99.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Adaptive Security Appliance (asa) Software Cisco Cisco Firepower Threat Defense Software

Timeline

PublishedAug 14

Description

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this v…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5cisco/cisco_adaptive_security_appliance_(asa)_software220 versions+219

▶CVEListV5cisco/cisco_firepower_threat_defense_software94 versions+93

🔴Vulnerability Details

GHSA

GHSA-c3ph-mf94-pp8r: A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allo↗2025-08-14

▶

CVEList

CVE-2025-20238: A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allo↗2025-08-14

▶

📋Vendor Advisories

Cisco

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Authenticated Command Injection Vulnerabilities↗2025-08-14

▶