CISCO-CVE-2025-20363

CRITICAL9.0

Cisco Secure Firewall Adaptive Security Appliance, Secure Firewall Threat Defense, IOS, IOS-XE and IOS-XR Software HTTP Vulnerability

Published Sep 25, 2025

Modified 4 months ago

Affected Packages

Cisco IOS

CiscoIOS

Affected versions:

12.2(11)YU12.2(11)YV12.2(11)YV112.2(13)ZD12.2(13)ZD112.2(13)ZD212.2(13)ZD312.2(13)ZD412.2(13)ZE12.2(13)ZF+2400 more

Cisco IOS XE

CiscoIOSXE

Affected versions:

16.1.116.1.216.1.316.10.116.10.1a16.10.1b16.10.1c16.10.1d16.10.1e16.10.1f+508 more

Cisco IOS XR

CiscoIOSXR

Affected versions:

6.5.16.5.26.5.36.6.26.6.256.6.36.7.16.7.26.7.36.8.1+3 more

CVSS Analysis

CVSS v3.1

9.0

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

ChangedS:C

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

9.0/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Upstream

Ecosystems

Timeline

PublishedSep 25, 2025

ModifiedNov 6, 2025