Cyber Resilience

CVE-2025-20182

High

Published: 07 May 2025

Published
07 May 2025
Modified
01 August 2025
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score 0.0029 53.2th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-20182 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Cisco Adaptive Security Appliance Software. Its CVSS base score is 8.6 (High).

Operationally, ranked in the top 46.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to…

more

cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation when processing IKEv2 messages. An attacker could exploit this vulnerability by sending crafted IKEv2 traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition on the affected device.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
adaptive security appliance software
9.12.1, 9.12.1.2, 9.12.1.3, 9.12.2, 9.12.2.1
cisco
firepower threat defense
6.2.3, 6.2.3.1, 6.2.3.10, 6.2.3.11, 6.2.3.12

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References