Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-20252

Summary
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
Published At-14 Aug, 2025 | 16:29
Updated At-14 Aug, 2025 | 19:19
Rejected At-
Credits

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to partially exhaust system memory, causing system instability like being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:cisco
Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633
Published At:14 Aug, 2025 | 16:29
Updated At:14 Aug, 2025 | 19:19
Rejected At:
▼CVE Numbering Authority (CNA)

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to partially exhaust system memory, causing system instability like being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Adaptive Security Appliance (ASA) Software
Versions
Affected
  • 9.8.4.15
  • 9.8.4.17
  • 9.8.4.25
  • 9.8.4.20
  • 9.8.4.22
  • 9.8.4.26
  • 9.8.4.29
  • 9.8.4.32
  • 9.8.4.33
  • 9.8.4.34
  • 9.8.4.35
  • 9.8.4.39
  • 9.8.4.40
  • 9.8.4.41
  • 9.8.4.43
  • 9.8.4.44
  • 9.8.4.45
  • 9.8.4.46
  • 9.8.4.48
  • 9.12.3.2
  • 9.12.3.7
  • 9.12.4
  • 9.12.3.12
  • 9.12.3.9
  • 9.12.4.2
  • 9.12.4.4
  • 9.12.4.7
  • 9.12.4.10
  • 9.12.4.13
  • 9.12.4.8
  • 9.12.4.18
  • 9.12.4.24
  • 9.12.4.26
  • 9.12.4.29
  • 9.12.4.30
  • 9.12.4.35
  • 9.12.4.37
  • 9.12.4.38
  • 9.12.4.39
  • 9.12.4.40
  • 9.12.4.41
  • 9.12.4.47
  • 9.12.4.48
  • 9.12.4.50
  • 9.12.4.52
  • 9.12.4.54
  • 9.12.4.55
  • 9.12.4.56
  • 9.12.4.58
  • 9.12.4.62
  • 9.12.4.65
  • 9.12.4.67
  • 9.14.1
  • 9.14.1.10
  • 9.14.1.6
  • 9.14.1.15
  • 9.14.1.19
  • 9.14.1.30
  • 9.14.2
  • 9.14.2.4
  • 9.14.2.8
  • 9.14.2.13
  • 9.14.2.15
  • 9.14.3
  • 9.14.3.1
  • 9.14.3.9
  • 9.14.3.11
  • 9.14.3.13
  • 9.14.3.18
  • 9.14.3.15
  • 9.14.4
  • 9.14.4.6
  • 9.14.4.7
  • 9.14.4.12
  • 9.14.4.13
  • 9.14.4.14
  • 9.14.4.15
  • 9.14.4.17
  • 9.14.4.22
  • 9.14.4.23
  • 9.14.4.24
  • 9.16.1
  • 9.16.1.28
  • 9.16.2
  • 9.16.2.3
  • 9.16.2.7
  • 9.16.2.11
  • 9.16.2.13
  • 9.16.2.14
  • 9.16.3
  • 9.16.3.3
  • 9.16.3.14
  • 9.16.3.15
  • 9.16.3.19
  • 9.16.3.23
  • 9.16.4
  • 9.16.4.9
  • 9.16.4.14
  • 9.16.4.18
  • 9.16.4.19
  • 9.16.4.27
  • 9.16.4.38
  • 9.16.4.39
  • 9.16.4.42
  • 9.16.4.48
  • 9.16.4.55
  • 9.16.4.57
  • 9.16.4.61
  • 9.16.4.62
  • 9.16.4.67
  • 9.16.4.70
  • 9.16.4.71
  • 9.16.4.76
  • 9.16.4.82
  • 9.17.1
  • 9.17.1.7
  • 9.17.1.9
  • 9.17.1.10
  • 9.17.1.11
  • 9.17.1.13
  • 9.17.1.15
  • 9.17.1.20
  • 9.17.1.30
  • 9.17.1.33
  • 9.17.1.39
  • 9.17.1.45
  • 9.17.1.46
  • 9.18.1
  • 9.18.1.3
  • 9.18.2
  • 9.18.2.5
  • 9.18.2.7
  • 9.18.2.8
  • 9.18.3
  • 9.18.3.39
  • 9.18.3.46
  • 9.18.3.53
  • 9.18.3.55
  • 9.18.3.56
  • 9.18.4
  • 9.18.4.5
  • 9.18.4.8
  • 9.18.4.22
  • 9.18.4.24
  • 9.18.4.29
  • 9.18.4.34
  • 9.18.4.40
  • 9.18.4.47
  • 9.18.4.50
  • 9.18.4.52
  • 9.18.4.53
  • 9.19.1
  • 9.19.1.5
  • 9.19.1.9
  • 9.19.1.12
  • 9.19.1.18
  • 9.19.1.22
  • 9.19.1.24
  • 9.19.1.27
  • 9.19.1.28
  • 9.19.1.31
  • 9.19.1.37
  • 9.19.1.38
  • 9.20.1
  • 9.20.1.5
  • 9.20.2
  • 9.20.2.10
  • 9.20.2.21
  • 9.20.2.22
  • 9.20.3
  • 9.20.3.4
  • 9.20.3.7
  • 9.20.3.9
  • 9.20.3.10
  • 9.20.3.13
  • 9.22.1.1
  • 9.22.1.3
  • 9.22.1.2
  • 9.22.1.6
  • 9.23.1
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Firepower Threat Defense Software
Versions
Affected
  • 6.2.3.16
  • 6.2.3.17
  • 6.2.3.18
  • 6.6.0
  • 6.6.0.1
  • 6.6.1
  • 6.6.3
  • 6.6.4
  • 6.6.5
  • 6.6.5.1
  • 6.6.5.2
  • 6.6.7
  • 6.6.7.1
  • 6.6.7.2
  • 6.4.0.9
  • 6.4.0.10
  • 6.4.0.11
  • 6.4.0.12
  • 6.4.0.13
  • 6.4.0.14
  • 6.4.0.15
  • 6.4.0.16
  • 6.4.0.17
  • 6.4.0.18
  • 7.0.0
  • 7.0.0.1
  • 7.0.1
  • 7.0.1.1
  • 7.0.2
  • 7.0.2.1
  • 7.0.3
  • 7.0.4
  • 7.0.5
  • 7.0.6
  • 7.0.6.1
  • 7.0.6.2
  • 7.0.6.3
  • 7.0.7
  • 7.1.0
  • 7.1.0.1
  • 7.1.0.2
  • 7.1.0.3
  • 7.2.0
  • 7.2.0.1
  • 7.2.1
  • 7.2.2
  • 7.2.3
  • 7.2.4
  • 7.2.4.1
  • 7.2.5
  • 7.2.5.1
  • 7.2.6
  • 7.2.7
  • 7.2.5.2
  • 7.2.8
  • 7.2.8.1
  • 7.2.9
  • 7.3.0
  • 7.3.1
  • 7.3.1.1
  • 7.3.1.2
  • 7.4.0
  • 7.4.1
  • 7.4.1.1
  • 7.4.2
  • 7.4.2.1
  • 7.4.2.2
  • 7.6.0
  • 7.7.0
Problem Types
TypeCWE IDDescription
cweCWE-401Missing Release of Memory after Effective Lifetime
Type: cwe
CWE ID: CWE-401
Description: Missing Release of Memory after Effective Lifetime
Metrics
VersionBase scoreBase severityVector
3.15.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-DOESHWHy
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-DOESHWHy
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@cisco.com
Published At:14 Aug, 2025 | 17:15
Updated At:15 Aug, 2025 | 13:12

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a memory leak, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of IKEv2 packets. An attacker could exploit this vulnerability by sending a continuous stream of crafted IKEv2 packets to an affected device. A successful exploit could allow the attacker to partially exhaust system memory, causing system instability like being unable to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover from this condition.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Type: Primary
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-401Primarypsirt@cisco.com
CWE ID: CWE-401
Type: Primary
Source: psirt@cisco.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-DOESHWHypsirt@cisco.com
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-DOESHWHy
Source: psirt@cisco.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

56Records found
CVE-2021-1308
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-7.4||HIGH
EPSS-0.10% / 27.68%
||
7 Day CHG~0.00%
Published-08 Apr, 2021 | 04:05
Updated-08 Nov, 2024 | 23:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Small Business RV Series Routers Link Layer Discovery Protocol Vulnerabilities

Multiple vulnerabilities exist in the Link Layer Discovery Protocol (LLDP) implementation for Cisco Small Business RV Series Routers. An unauthenticated, adjacent attacker could execute arbitrary code or cause an affected router to leak system memory or reload. A memory leak or device reload would cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Note: LLDP is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-rv260_firmwarerv340_firmwarerv345prv345rv134w_firmwarerv160w_firmwarerv160_firmwarerv345p_firmwarerv260w_firmwarerv340w_firmwarerv132w_firmwarerv160wrv260rv260wrv340wrv132wrv260prv345_firmwarerv340rv260p_firmwarerv134wrv160Cisco Small Business RV Series Router Firmware
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2021-1387
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.95% / 75.38%
||
7 Day CHG~0.00%
Published-24 Feb, 2021 | 19:30
Updated-08 Nov, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco NX-OS Software IPv6 Netstack Denial of Service Vulnerability

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-nexus_93180lc-exnexus_34200yc-smnexus_56128pnexus_9332pqnexus_3132q-xnexus_3172tqnexus_93108tc-exnx-osnexus_3636c-rnexus_9508nexus_3100-vnexus_93120txnexus_9316d-gxnexus_93128txnexus_6004nexus_92160yc_switchnexus_3100-znexus_3548-xlnexus_3016qnexus_3132q-vnexus_9332cnexus_31128pqnexus_93180yc-fx3snexus_92348gc-xnexus_3172tq-32tnexus_9336c-fx2nexus_6001pnexus_3164qnexus_9364cnexus_3524-xnexus_3132c-znexus_31108tc-vnexus_5548pnexus_9348gc-fxpnexus_5648qnexus_3172nexus_9272qnexus_93180yc-fx-24nexus_3464cnexus_93216tc-fx2nexus_36180yc-rnexus_5672upnexus_93180yc-fxnexus_93180tc-exnexus_3264qnexus_3432d-snexus_7004ucs_6454nexus_34180ycnexus_9000vnexus_31108pc-vnexus_3064-32tnexus_5596upnexus_93180yc-fx3nexus_7009nexus_3524nexus_93180yc-ex-24nexus_3100vnexus_3548nexus_3132qnexus_3016nexus_7018nexus_9372pxnexus_9364c-gxucs_64108nexus_93108tc-fx-24nexus_92304qcnexus_5696qnexus_92160yc-xnexus_7710nexus_93108tc-ex-24nexus_3064xnexus_31108pv-vnexus_3048nexus_9372tx-enexus_9504nexus_6001nexus_93108tc-fx3pnexus_93360yc-fx2nexus_93108tc-fxnexus_3064tnexus_3524-xlnexus_9396txnexus_7000nexus_7010nexus_3064unified_computing_systemnexus_92300ycnexus_3172pqnexus_7706nexus_3064-xnexus_7718nexus_3232cnexus_5548upnexus_9336c-fx2-enexus_9396pxnexus_9221cnexus_9500rnexus_5596tnexus_7702nexus_3264c-enexus_93240yc-fx2nexus_9372txnexus_5624qnexus_3548-xnexus_6004xnexus_3132q-xlnexus_3064-tnexus_3172tq-xlnexus_93600cd-gxnexus_3408-snexus_6001tnexus_9372px-enexus_93180yc-exnexus_93128nexus_9336pqnexus_9236cnexus_9516nexus_3172pq-xlnexus_7700nexus_5672up-16gCisco NX-OS Software
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-3203
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-0.85% / 73.92%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:40
Updated-15 Nov, 2024 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IOS XE Software Catalyst 9800 Series Wireless Controllers Denial of Service Vulnerability

A vulnerability in the locally significant certificate (LSC) provisioning feature of Cisco Catalyst 9800 Series Wireless Controllers that are running Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a memory leak that could lead to a denial of service (DoS) condition. The vulnerability is due to incorrect processing of certain public key infrastructure (PKI) packets. An attacker could exploit this vulnerability by sending crafted Secure Sockets Layer (SSL) packets to an affected device. A successful exploit could cause an affected device to continuously consume memory, which could result in a memory allocation failure that leads to a crash and causes a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ios_xecatalyst_9800-lcatalyst_9800-l-ccatalyst_9800-40catalyst_9800-clcatalyst_9800-80catalyst_9800-l-fCisco IOS XE Software 16.1.1
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-3195
Matching Score-6
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-6
Assigner-Cisco Systems, Inc.
CVSS Score-8.6||HIGH
EPSS-1.31% / 78.98%
||
7 Day CHG~0.00%
Published-06 May, 2020 | 16:41
Updated-15 Nov, 2024 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPF Packets Processing Memory Leak Vulnerability

A vulnerability in the Open Shortest Path First (OSPF) implementation in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device. The vulnerability is due to incorrect processing of certain OSPF packets. An attacker could exploit this vulnerability by sending a series of crafted OSPF packets to be processed by an affected device. A successful exploit could allow the attacker to continuously consume memory on an affected device and eventually cause it to reload, resulting in a denial of service (DoS) condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-asa_5510_firmwareasa_5585-x_firmwareadaptive_security_appliance_softwareasa_5520asa_5505_firmwareasa_5510asa_5540_firmwareasa_5580_firmwareasa_5520_firmwareasa_5515-xasa_5550asa_5545-x_firmwareasa_5545-xasa_5525-x_firmwareasa_5505asa_5540asa_5555-xasa_5580asa_5585-xasa_5515-x_firmwareasa_5525-xasa_5555-x_firmwareasa_5512-x_firmwareasa_5550_firmwareasa_5512-xfirepower_threat_defenseCisco Adaptive Security Appliance (ASA) Software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2020-11637
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
ShareView Details
Matching Score-4
Assigner-Asea Brown Boveri Ltd. (ABB)
CVSS Score-5.8||MEDIUM
EPSS-0.29% / 51.96%
||
7 Day CHG~0.00%
Published-15 Oct, 2020 | 15:08
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Automation Runtime TFTP Service DoS Vulnerability

A memory leak in the TFTP service in B&R Automation Runtime versions <N4.26, <N4.34, <F4.45, <E4.53, <D4.63, <A4.73 and prior could allow an unauthenticated attacker with network access to cause a denial of service (DoS) condition.

Action-Not Available
Vendor-B&R Industrial Automation GmbH
Product-automation_runtimeAutomation Runtime
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2023-3592
Matching Score-4
Assigner-Eclipse Foundation
ShareView Details
Matching Score-4
Assigner-Eclipse Foundation
CVSS Score-5.8||MEDIUM
EPSS-0.04% / 9.49%
||
7 Day CHG~0.00%
Published-02 Oct, 2023 | 19:01
Updated-13 Feb, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.

Action-Not Available
Vendor-Eclipse Foundation AISBL
Product-mosquittoMosquitto
CWE ID-CWE-401
Missing Release of Memory after Effective Lifetime
  • Previous
  • 1
  • 2
  • Next
Details not found