CVE-2025-20219
MEDIUMCisco Adaptive Security Appliance (ASA) Software - Unauthenticated Access Control Bypass via Loopback Interface
Title source: llmDescription
A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should have been blocked to a loopback interface. This vulnerability is due to improper enforcement of access control rules for loopback interfaces. An attacker could exploit this vulnerability by sending traffic to a loopback interface on an affected device. A successful exploit could allow the attacker to bypass configured access control rules and send traffic that should have been blocked to a loopback interface on the device.
References (1)
Core 1
Core References
Scores
CVSS v3
5.3
EPSS
0.0004
EPSS Percentile
13.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (50)
Cisco/Cisco Adaptive Security Appliance (ASA) Software
9.18.2
Cisco/Cisco Adaptive Security Appliance (ASA) Software
9.18.2.5
Cisco/Cisco Adaptive Security Appliance (ASA) Software
9.18.2.7
Cisco/Cisco Adaptive Security Appliance (ASA) Software
9.18.2.8
Cisco/Cisco Adaptive Security Appliance (ASA) Software
9.18.3
Cisco/Cisco Adaptive Security Appliance (ASA) Software
9.18.3.39
Cisco/Cisco Adaptive Security Appliance (ASA) Software
9.18.3.46
Cisco/Cisco Adaptive Security Appliance (ASA) Software
9.18.3.53
Cisco/Cisco Adaptive Security Appliance (ASA) Software
9.18.3.55
Cisco/Cisco Adaptive Security Appliance (ASA) Software
9.18.3.56
... and 40 more
Published
Aug 14, 2025
Tracked Since
Feb 18, 2026