CVE-2025-20239

CWE-401Memory LeakCWE-8354 documents4 sources
Severity
8.6HIGH
EPSS
0.1%
top 65.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Cisco Cisco Adaptive Security Appliance (asa) SoftwareCisco Cisco Firepower Threat Defense SoftwareCisco Cisco IOS XE Software+1 more
Timeline
PublishedAug 14

Description

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to a lack of proper processing of IKEv2 packets. An attacker could exploit this vulnerability by sending crafted IKEv2 packets to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages4 packages

CVEListV5cisco/cisco_ios_xe_software334 versions+333
CVEListV5cisco/ios238 versions+237

🔴Vulnerability Details

2
GHSA
GHSA-vfr5-7cjj-f96c: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appli2025-08-14
CVEList
CVE-2025-20239: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appli2025-08-14

📋Vendor Advisories

1
Cisco
Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerabilities2025-08-14
CVE-2025-20239 (HIGH CVSS 8.6) | A vulnerability in the Internet Key | cvebase.io