216.73.216.31

CVE-2025-20238

· Published 14/08/2025 17:15 · Modified 15/08/2025 13:12

Labels: CVE-2025-20238 2025-08-14CVE-2025-20238CWE-1244[email protected]

Essential information

Published
14/08/2025 17:15
Modified
15/08/2025 13:12
Author
Creator
CVSS
6.0 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CVSS metrics

Description

A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
cisco / secure firewall asa cpe:2.3:a:cisco:secure_firewall_asa:*:*:*:*:*:*:*:*
cisco / secure firewall ftd cpe:2.3:a:cisco:secure_firewall_ftd:*:*:*:*:*:*:*:*

References