Cisco Firepower Threat Defense Software vulnerabilities
161 known vulnerabilities affecting cisco/cisco_firepower_threat_defense_software.
Total CVEs: 161
CISA KEV: 4 (actively exploited)
Public exploits: 1
Exploited in wild: 4
Severity breakdown: CRITICAL 2, HIGH 77, MEDIUM 82
Vulnerabilities
Page 1 of 9
CVE-2025-20363 [CRITICAL] CVSS 9.0 | CWE-122 | v6.2.3, v6.2.3.1, +92 more | 2025-09-25
A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS,
Sources: cvelistv5, nvd
CVE-2025-20133 [HIGH] CVSS 8.6 | CWE-401 | v6.2.3.14, v6.4.0.1, +85 more | 2025-08-14
A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly stop responding, resulting in a DoS condition.
This vulnerability is due to ineffective validation of user-supplied
Sources: cvelistv5, nvd
CVE-2025-20136 [HIGH] CVSS 8.6 | CWE-835 | v6.2.3.14, v6.4.0.1, +89 more | 2025-08-14
A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of se
Sources: cvelistv5, nvd
CVE-2025-20263 [HIGH] CVSS 8.6 | CWE-680 | v6.2.3.14, v6.4.0.1, +90 more | 2025-08-14
A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system.
This vulnerability is due to insufficient boundary checks for specific data that is
Sources: cvelistv5, nvd
CVE-2025-20222 [HIGH] CVSS 8.6 | CWE-120 | v6.2.3, v6.2.3.9, +86 more | 2025-08-14
A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
This vulnerability is due to improper processing of IPv6 packets
Sources: cvelistv5, nvd
CVE-2025-20251 [HIGH] CVSS 8.5 | CWE-1287 | v6.2.3.14, v6.4.0.1, +92 more | 2025-08-14
A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying operating system. If critical system files are manipulated, new Remote Acc
Sources: cvelistv5, nvd
CVE-2025-20134 [HIGH] CVSS 8.6 | CWE-415 | v6.6.5.2, v6.4.0.15, +6 more | 2025-08-14
A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper pa
Sources: cvelistv5, nvd
CVE-2025-20244 [HIGH] CVSS 7.7 | CWE-1287 | v6.2.3.14, v6.4.0.1, +91 more | 2025-08-14
A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerab
Sources: cvelistv5, nvd
CVE-2025-20243 [HIGH] CVSS 8.6 | CWE-835 | v6.2.3.14, v6.4.0.1, +92 more | 2025-08-14
A vulnerability in the management and VPN web servers of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition.
This vulnerability is due to improper validation of user-supplied input on an interface with VPN web services. An
Sources: cvelistv5, nvd
CVE-2025-20217 [HIGH] CVSS 8.6 | CWE-835 | v7.1.0, v7.1.0.1, +27 more | 2025-08-14
A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to incorrect processing of traffic that is inspected by an affected
Sources: cvelistv5, nvd
CVE-2025-20239 [HIGH] CVSS 8.6 | CWE-401 | v6.2.3, v6.2.3.1, +92 more | 2025-08-14
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition.
This vul
Sources: cvelistv5, nvd
CVE-2025-20253 [HIGH] CVSS 8.6 | CWE-835 | v6.2.3.14, v6.4.0.1, +92 more | 2025-08-14
A vulnerability in the IKEv2 feature of Cisco IOS Software, IOS XE Software, Secure Firewall ASA Software, and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a DoS condition.
This vulnerability is due to the improper processing of IKEv2 packets. An attacker could exploit this vulnerabil
Sources: cvelistv5, nvd
CVE-2025-20127 [HIGH] CVSS 7.7 | CWE-404 | v7.4.0, v7.4.1, +4 more | 2025-08-14
A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices could allow an authenticated, remote attacker to consume resources that are associated with incoming TLS 1.3 co
Sources: cvelistv5, nvd
CVE-2025-20254 [MEDIUM] CVSS 5.8 | CWE-401 | v6.2.3, v6.2.3.1, +92 more | 2025-08-14
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper p
Sources: cvelistv5, nvd
CVE-2025-20135 [MEDIUM] CVSS 4.3 | CWE-401 | v6.2.3.14, v6.4.0.1, +89 more | 2025-08-14
A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to exhaust available memory.
This vulnerability is due to improper validation of incoming DHCP packets. An attacker could explo
Sources: cvelistv5, nvd
CVE-2025-20219 [MEDIUM] CVSS 5.3 | CWE-284 | v7.3.0, v7.3.1, +8 more | 2025-08-14
A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should have been blocked to a loopback interface.
This vulnerability is
Sources: cvelistv5, nvd
CVE-2025-20238 [MEDIUM] CVSS 6.0 | CWE-1244 | v6.2.3, v6.2.3.1, +92 more | 2025-08-14
A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrati
Sources: cvelistv5, nvd
CVE-2025-20220 [MEDIUM] CVSS 6.0 | CWE-78 | v7.2.6, v7.2.7, +8 more | 2025-08-14
A vulnerability in the CLI of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root.
This vulnerability is due to improper input validation for specific CLI commands. An attacke
Sources: cvelistv5, nvd
CVE-2025-20225 [MEDIUM] CVSS 5.8 | CWE-401 | v6.2.3, v6.2.3.1, +92 more | 2025-08-14
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall Adaptive Security Appliance (ASA) Software, and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition.
This v
Sources: cvelistv5, nvd
CVE-2025-20224 [MEDIUM] CVSS 5.8 | CWE-401 | v6.2.3, v6.2.3.1, +92 more | 2025-08-14
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper p
Sources: cvelistv5, nvd