CVE-2025-20219 - Vulnerability Details

CVE-2025-20219 - Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Bypass Vulnerability

A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should have been blocked to a loopback interface. This vulnerability is due to improper enforcement of access control rules for loopback interfaces. An attacker could exploit this vulnerability by sending traffic to a loopback interface on an affected device. A successful exploit could allow the attacker to bypass configured access control rules and send traffic that should have been blocked to a loopback interface on the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Cisco	Adaptive Security Appliance Software Firepower Threat Defense Software

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-acl-bypass-mtPze9Yh

History

Fri, 15 Aug 2025 08:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco adaptive Security Appliance Software Cisco firepower Threat Defense Software
Vendors & Products		Cisco Cisco adaptive Security Appliance Software Cisco firepower Threat Defense Software

Thu, 14 Aug 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 14 Aug 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should have been blocked to a loopback interface. This vulnerability is due to improper enforcement of access control rules for loopback interfaces. An attacker could exploit this vulnerability by sending traffic to a loopback interface on an affected device. A successful exploit could allow the attacker to bypass configured access control rules and send traffic that should have been blocked to a loopback interface on the device.
Title		Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Bypass Vulnerability
Weaknesses		CWE-284
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-acl-bypass-mtPze9Yh
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2025-08-14T16:28:40.010Z

Updated: 2025-08-14T20:44:27.252Z

Reserved: 2024-10-10T19:15:13.233Z

Link: CVE-2025-20219

Vulnrichment

Updated: 2025-08-14T18:03:41.159Z

NVD

Status : Awaiting Analysis

Published: 2025-08-14T17:15:35.920

Modified: 2025-08-15T13:12:51.217

Link: CVE-2025-20219

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object