CVE-2025-20219

Summary

A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should have been blocked to a loopback interface.

This vulnerability is due to improper enforcement of access control rules for loopback interfaces. An attacker could exploit this vulnerability by sending traffic to a loopback interface on an affected device. A successful exploit could allow the attacker to bypass configured access control rules and send traffic that should have been blocked to a loopback interface on the device.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.2affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.2.5affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.2.7affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.2.8affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.3affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.5affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.9affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.3.39affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.12affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.3.46affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.18affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.3.53affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.3.55affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.3.56affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.20.1affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.22affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.4affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.20.1.5affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.4.5affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.24affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.4.8affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.20.2affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.27affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.4.22affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.20.2.10affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.28affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.4.24affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.20.2.21affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.31affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.4.29affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.20.2.22affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.4.34affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.20.3affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.4.40affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.22.1.1affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.20.3.4affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.4.47affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.20.3.7affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.37affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.20.3.9affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.19.1.38affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.18.4.50affected
CiscoCisco Adaptive Security Appliance (ASA) Software9.22.1.2affected
CiscoCisco Firepower Threat Defense Software7.3.0affected
CiscoCisco Firepower Threat Defense Software7.3.1affected
CiscoCisco Firepower Threat Defense Software7.3.1.1affected
CiscoCisco Firepower Threat Defense Software7.4.0affected
CiscoCisco Firepower Threat Defense Software7.4.1affected
CiscoCisco Firepower Threat Defense Software7.4.1.1affected
CiscoCisco Firepower Threat Defense Software7.3.1.2affected
CiscoCisco Firepower Threat Defense Software7.6.0affected
CiscoCisco Firepower Threat Defense Software7.4.2affected
CiscoCisco Firepower Threat Defense Software7.4.2.1affected

Weaknesses

  • CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References