CVE-2025-20251
Severity
8.5 HIGH
EPSS
0.1%
top 67.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Aug 14
Description
A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying operating system. If critical system files are manipulated, new Remote Access SSL VPN sessions could be denied and existing sessions could be dropped, causing a denial of service (DoS) condition. An exploited device requir…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H
Exploitability: 3.1 | Impact: 4.7
Affected Packages: 2 packages
🔴 Vulnerability Details (2)
GHSA
GHSA-62cp-qvq6-cfw4: A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Th… (2025-08-14)
CVEList
Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense Software Authenticated Arbitrary File Deletion (2025-08-14)
📋 Vendor Advisories (2)
Cisco
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Server Denial of Service Vulnerability (2025-08-14)
Microsoft
A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. (2023-03-14)