Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL/TLS...

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Description

A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending a crafted SSL/TLS certificate to an affected system through a listening SSL/TLS socket. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Basic Information

ID CVE-2025-20134

Source cisco

Published Aug 14, 2025 at 16:28

Modified Aug 14, 2025 at 19:21

Affected Product

Vendor Cisco

Product Cisco Adaptive Security Appliance (ASA) Software

Version 9.12.4.39

Affected Versions Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.39
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.40
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.6
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.7
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.41
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.47
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.12
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.48
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.13
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.50
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.14
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.52
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.15
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.54
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.17
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.55
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.22
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.23
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.56
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.58
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.62
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.65
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.67
Cisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.24
Cisco Cisco Firepower Threat Defense Software 6.6.5.2
Cisco Cisco Firepower Threat Defense Software 6.4.0.15
Cisco Cisco Firepower Threat Defense Software 6.6.7
Cisco Cisco Firepower Threat Defense Software 6.4.0.16
Cisco Cisco Firepower Threat Defense Software 6.6.7.1
Cisco Cisco Firepower Threat Defense Software 6.4.0.17
Cisco Cisco Firepower Threat Defense Software 6.6.7.2
Cisco Cisco Firepower Threat Defense Software 6.4.0.18

References

sec.cloudapps.cisco.com /security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe

{
    "lastseen": "",
    "description": "A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending a crafted SSL/TLS certificate to an affected system through a listening SSL/TLS socket. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.",
    "published": "2025-08-14T16:28:07.782Z",
    "modified": "2025-08-14T19:21:52.387Z",
    "type": "cve",
    "title": "Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL/TLS Certificate Denial of Service Vulnerability",
    "source": "cisco",
    "references": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe",
    "id": "CVE-2025-20134",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Cisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.39\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.40\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.6\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.7\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.41\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.47\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.12\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.48\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.13\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.50\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.14\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.52\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.15\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.54\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.17\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.55\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.22\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.23\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.56\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.58\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.62\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.65\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.12.4.67\nCisco Cisco Adaptive Security Appliance (ASA) Software 9.14.4.24\nCisco Cisco Firepower Threat Defense Software 6.6.5.2\nCisco Cisco Firepower Threat Defense Software 6.4.0.15\nCisco Cisco Firepower Threat Defense Software 6.6.7\nCisco Cisco Firepower Threat Defense Software 6.4.0.16\nCisco Cisco Firepower Threat Defense Software 6.6.7.1\nCisco Cisco Firepower Threat Defense Software 6.4.0.17\nCisco Cisco Firepower Threat Defense Software 6.6.7.2\nCisco Cisco Firepower Threat Defense Software 6.4.0.18",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cisco Adaptive Security Appliance (ASA) Software",
    "version": "9.12.4.39",
    "vendor": "Cisco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL/TLS Certificate Denial of Service Vulnerability_CVE-2025-20134

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply