CVE-2025-20363

Severity: 9.0 CRITICAL
EPSS: 5.7% (top 9.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published 2025-09-25; latest update 2025-09-26

Description

A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device. This vulnerability is due to improper validatio

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 6.0

Note that PR:N reflects the unauthenticated case (ASA and FTD). For IOS, IOS XE and IOS XR the description requires an authenticated attacker with low user privileges, so the published vector represents the worst-case platform.

Affected Packages (10 packages)

CVEListV5: cisco/cisco_ios_xe_software, 456 versions
CVEListV5: cisco/cisco_ios_xr_software, 13 versions

🔴 Vulnerability Details (3 sources)

CVEList: CVE-2025-20363 (2025-09-25)
GHSA: GHSA-8wv4-73v4-qxp2 (2025-09-25)
VulnCheck: Cisco IOS XR Heap-based Buffer Overflow (2025)

📋 Vendor Advisories (1 source)

Cisco: Cisco Secure Firewall Adaptive Security Appliance Software, Secure Firewall Threat Defense Software, IOS Software, IOS XE Software, and IOS XR Software Web Services Remote Code Execution Vulnerability (2025-09-25)

🕵️ Threat Intelligence (related reporting)

Unit42: Threat Insights: Active Exploitation of Cisco ASA Zero Days (2025-09-26)
Talos: ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices (2024-04-24)