CVE-2025-20251

{"id": "CVE-2025-20251", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.7, "exploitabilityScore": 3.1}]}, "published": "2025-08-14T17:15:38.547", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-http-file-hUyX2jL4", "source": "psirt@cisco.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-1287"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to create or delete arbitrary files on the underlying operating system. If critical system files are manipulated, new Remote Access SSL VPN sessions could be denied and existing sessions could be dropped, causing a denial of service (DoS) condition. An exploited device requires a manual reboot to recover.\r\n\r\nThis vulnerability is due to insufficient input validation when processing HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to create or delete files on the underlying operating system, which could cause the Remote Access SSL VPN service to become unresponsive.\r\nTo exploit this vulnerability, the attacker must be authenticated as a VPN user of the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en el servicio VPN SSL de acceso remoto para el software Cisco Secure Firewall Adaptive Security Appliance (ASA) y el software Cisco Secure Firewall Threat Defense (FTD) podr\u00eda permitir que un atacante remoto autenticado cree o elimine archivos arbitrarios en el sistema operativo subyacente. Si se manipulan archivos cr\u00edticos del sistema, se podr\u00edan denegar nuevas sesiones VPN SSL de acceso remoto y descartar las existentes, lo que causa una denegaci\u00f3n de servicio (DoS). Un dispositivo vulnerable requiere un reinicio manual para recuperarse. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente al procesar solicitudes HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad enviando solicitudes HTTP manipuladas a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante crear o eliminar archivos en el sistema operativo subyacente, lo que podr\u00eda provocar que el servicio VPN SSL de acceso remoto deje de responder. Para explotar esta vulnerabilidad, el atacante debe estar autenticado como usuario VPN del dispositivo afectado."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "psirt@cisco.com"}