CVE-2025-20363
CRITICALDescription
A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web service on an affected device after obtaining additional information about the system, overcoming exploit mitigations, or both. A successful exploit could allow the attacker to execute arbitrary code as root, which may lead to the complete compromise of the affected device. For more information about this vulnerability, see the Details ["#details"] section of this advisory.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| cisco | ios_xr |
| cisco | ios_xr |
| cisco | ios_xr |
| cisco | ios_xr |
| cisco | ios_xr |
| cisco | ios_xr |
| cisco | ios_xr |
| cisco | ios_xr |
| cisco | ios_xr |
| cisco | ios_xr |
| cisco | ios_xr |
| cisco | ios_xr |
| cisco | ios_xr |
| cisco | asr_9001 |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | adaptive_security_appliance_software |
| cisco | ios |
| cisco | ios_xe |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
| cisco | firepower_threat_defense |
References
Frequently Asked Questions
What is CVE-2025-20363? +
How severe is CVE-2025-20363? +
What products are affected by CVE-2025-20363? +
How do I check if I'm vulnerable to CVE-2025-20363? +
Related Vulnerabilities
vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This …
A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for …
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. …
Heap-based Buffer Overflow vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from …
Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory
There is a Heap-based Buffer Overflow vulnerability in QTextMarkdownImporter. This requires an incorrectly formatted markdown file to be passed to …