CVE-2025-20254

CWE-401 — Memory Leak CWE-8354 documents4 sources

Severity

5.8MEDIUM

EPSS

0.1%

top 71.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Adaptive Security Appliance (asa) Software Cisco Cisco Firepower Threat Defense Software

Timeline

PublishedAug 14

Description

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5cisco/cisco_adaptive_security_appliance_(asa)_software170 versions+169

▶CVEListV5cisco/cisco_firepower_threat_defense_software94 versions+93

🔴Vulnerability Details

GHSA

GHSA-rxfw-48wv-x4rf: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure F↗2025-08-14

▶

CVEList

CVE-2025-20254: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure F↗2025-08-14

▶

📋Vendor Advisories

Cisco

Cisco IOS, IOS XE, Secure Firewall Adaptive Security Appliance, and Secure Firewall Threat Defense Software IKEv2 Denial of Service Vulnerabilities↗2025-08-14

▶