{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-20219","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2024-10-10T19:15:13.233Z","datePublished":"2025-08-14T16:28:40.010Z","dateUpdated":"2025-08-14T20:44:27.252Z"},"containers":{"cna":{"title":"Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Bypass Vulnerability","metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"}}],"descriptions":[{"lang":"en","value":"A vulnerability in the implementation of access control rules for loopback interfaces in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traffic that should have been blocked to a loopback interface.\r\n\r\nThis vulnerability is due to improper enforcement of access control rules for loopback interfaces. An attacker could exploit this vulnerability by sending traffic to a loopback interface on an affected device. A successful exploit could allow the attacker to bypass configured access control rules and send traffic&nbsp;that should have been blocked to a loopback interface on the device."}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-acl-bypass-mtPze9Yh","name":"cisco-sa-asa-ftd-acl-bypass-mtPze9Yh"}],"exploits":[{"lang":"en","value":"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-asa-ftd-acl-bypass-mtPze9Yh","discovery":"INTERNAL","defects":["CSCwi57783"]},"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Access Control","type":"cwe","cweId":"CWE-284"}]}],"affected":[{"vendor":"Cisco","product":"Cisco Adaptive Security Appliance (ASA) Software","versions":[{"version":"9.18.2","status":"affected"},{"version":"9.18.2.5","status":"affected"},{"version":"9.18.2.7","status":"affected"},{"version":"9.19.1","status":"affected"},{"version":"9.18.2.8","status":"affected"},{"version":"9.18.3","status":"affected"},{"version":"9.19.1.5","status":"affected"},{"version":"9.19.1.9","status":"affected"},{"version":"9.18.3.39","status":"affected"},{"version":"9.19.1.12","status":"affected"},{"version":"9.18.3.46","status":"affected"},{"version":"9.19.1.18","status":"affected"},{"version":"9.18.3.53","status":"affected"},{"version":"9.18.3.55","status":"affected"},{"version":"9.18.3.56","status":"affected"},{"version":"9.20.1","status":"affected"},{"version":"9.19.1.22","status":"affected"},{"version":"9.18.4","status":"affected"},{"version":"9.20.1.5","status":"affected"},{"version":"9.18.4.5","status":"affected"},{"version":"9.19.1.24","status":"affected"},{"version":"9.18.4.8","status":"affected"},{"version":"9.20.2","status":"affected"},{"version":"9.19.1.27","status":"affected"},{"version":"9.18.4.22","status":"affected"},{"version":"9.20.2.10","status":"affected"},{"version":"9.19.1.28","status":"affected"},{"version":"9.18.4.24","status":"affected"},{"version":"9.20.2.21","status":"affected"},{"version":"9.19.1.31","status":"affected"},{"version":"9.18.4.29","status":"affected"},{"version":"9.20.2.22","status":"affected"},{"version":"9.18.4.34","status":"affected"},{"version":"9.20.3","status":"affected"},{"version":"9.18.4.40","status":"affected"},{"version":"9.22.1.1","status":"affected"},{"version":"9.20.3.4","status":"affected"},{"version":"9.18.4.47","status":"affected"},{"version":"9.20.3.7","status":"affected"},{"version":"9.19.1.37","status":"affected"},{"version":"9.20.3.9","status":"affected"},{"version":"9.19.1.38","status":"affected"},{"version":"9.18.4.50","status":"affected"},{"version":"9.22.1.2","status":"affected"}],"defaultStatus":"unknown"},{"vendor":"Cisco","product":"Cisco Firepower Threat Defense Software","versions":[{"version":"7.3.0","status":"affected"},{"version":"7.3.1","status":"affected"},{"version":"7.3.1.1","status":"affected"},{"version":"7.4.0","status":"affected"},{"version":"7.4.1","status":"affected"},{"version":"7.4.1.1","status":"affected"},{"version":"7.3.1.2","status":"affected"},{"version":"7.6.0","status":"affected"},{"version":"7.4.2","status":"affected"},{"version":"7.4.2.1","status":"affected"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2025-08-14T16:28:40.010Z"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-08-14T20:44:20.753964Z","id":"CVE-2025-20219","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-08-14T20:44:27.252Z"}}]}}