[CIVN-2025-0193] Denial of Service Vulnerability in CISCO
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
IOS Software
IOS XE Software
Cisco Secure Firewall ASA Software
Cisco Secure FTD Software
Overview
Multiple vulnerabilities have been reported in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, Cisco IOS XE Software, Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, and Cisco Secure Firewall Threat Defense (FTD) Software, which could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.
Target Audience:
All IT administrators and individuals responsible for maintaining and updating Cisco Secure Firewall ASA Software and Secure FTD Software.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
Multiple vulnerabilities exist due to improper processing of IKEv2 packets. An attacker could exploit these vulnerabilities by sending crafted IKEv2 packets to an affected device.
Successful exploitation of these vulnerabilities could allow the attacker to cause an infinite loop that exhausts resources and could cause the device to reload.
Solution
Apply appropriate updates as mentioned in the Cisco advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-DOESHWHy
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-DOESHWHy
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-ios-dos-DOESHWHy
CVE Name
CVE-2025-20224
CVE-2025-20225
CVE-2025-20239
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003