CVE-2025-20244

Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access VPN Web Server Denial of Service Vulnerability

Description

A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to incomplete error checking when parsing an HTTP header field value. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted Remote Access SSL VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition, which would cause the affected device to reload.

References

Link	Tags
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX

Frequently Asked Questions

What is the severity of CVE-2025-20244?: CVE-2025-20244 has been scored as a high severity vulnerability.
How to fix CVE-2025-20244?: To fix CVE-2025-20244, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2025-20244 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2025-20244 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-20244?: CVE-2025-20244 affects Cisco Cisco Adaptive Security Appliance (ASA) Software, Cisco Cisco Firepower Threat Defense Software.

Description

Category

CWE-1287 – Improper Validation of Specified Type of Input

References

Frequently Asked Questions