Cyber Resilience

CVE-2025-20127

High

Published: 14 August 2025

Published
14 August 2025
Modified
25 August 2025
KEV Added
Patch
CVSS Score v3.1 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0056 68.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-20127 is a high-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Cisco Adaptive Security Appliance Software. Its CVSS base score is 7.7 (High).

Operationally, ranked in the top 31.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices could allow an authenticated,…

more

remote attacker to consume resources that are associated with incoming TLS 1.3 connections, which eventually could cause the device to stop accepting any new SSL/TLS or VPN requests. This vulnerability is due to the implementation of the TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. An attacker could exploit this vulnerability by sending a large number of TLS 1.3 connections with the specific TLS 1.3 Cipher TLS_CHACHA20_POLY1305_SHA256. A successful exploit could allow the attacker to cause a denial of service (DoS) condition where no new incoming encrypted connections are accepted. The device must be reloaded to clear this condition. Note: These incoming TLS 1.3 connections include both data traffic and user-management traffic. After the device is in the vulnerable state, no new encrypted connections can be accepted.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
firepower threat defense
7.4.0, 7.4.1, 7.4.1.1, 7.4.2, 7.4.2.1
cisco
adaptive security appliance software
9.20.1, 9.20.1.5, 9.20.2, 9.20.2.10, 9.20.2.21

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-404

Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios.

addresses: CWE-404

Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release.

addresses: CWE-404

Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.

addresses: CWE-404

Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault.

References