CVE-2025-20360

CWE-805 CWE-1274 documents4 sources

Severity

5.8MEDIUM

EPSS

0.1%

top 70.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Cyber Vision Cisco Cisco Secure Firewall Threat Defense (ftd) Software

Timeline

PublishedOct 15

Description

Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are parsed. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection to be parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5cisco/cisco_cyber_vision51 versions+50

▶CVEListV5cisco/cisco_secure_firewall_threat_defense_(ftd)_software15 versions+14

🔴Vulnerability Details

CVEList

Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerability↗2025-10-15

▶

GHSA

GHSA-6w3w-cx38-4j8c: Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the↗2025-10-15

▶

📋Vendor Advisories

Cisco

Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities↗2025-10-15

▶