CVE-2025-20219
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should have been blocked to a loopback interface.
This vulnerability is due to improper enforcement of access control rules for loopback interfaces. An attacker could exploit this vulnerability by sending traffic to a loopback interface on an affected device. A successful exploit could allow the attacker to bypass configured access control rules and send traffic that should have been blocked to a loopback interface on the device.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.2 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.2.5 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.2.7 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.2.8 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.3 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.5 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.9 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.3.39 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.12 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.3.46 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.18 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.3.53 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.3.55 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.3.56 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.1 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.22 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.1.5 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.5 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.24 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.8 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.2 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.27 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.22 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.2.10 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.28 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.24 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.2.21 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.31 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.29 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.2.22 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.34 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.3 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.40 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.22.1.1 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.3.4 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.47 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.3.7 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.37 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.20.3.9 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.19.1.38 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.18.4.50 | affected |
| Cisco | Cisco Adaptive Security Appliance (ASA) Software | 9.22.1.2 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.3.0 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.3.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.3.1.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.4.0 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.4.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.4.1.1 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.3.1.2 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.6.0 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.4.2 | affected |
| Cisco | Cisco Firepower Threat Defense Software | 7.4.2.1 | affected |
Weaknesses
- CWE-284: Improper Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.