CVE-2025-20217 · HIGH 8.6 · EPSS percentile 46.7%

CVE-2025-20217

Description

A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of traffic that is inspected by an affected device. An attacker could exploit this vulnerability by sending crafted traffic through the affected device. A successful exploit could allow the attacker to cause the affected device to enter an infinite loop while inspecting traffic, resulting in a DoS condition. The system watchdog will restart the Snort process automatically.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS: 0.66% probability of exploitation · percentile 46.7% · 2026-06-18T12:00:27Z
Published: 2025-08-14
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-835

References

  1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-SvKhtjgt

Type     | Target                                                       | Confidence | Tier
Weakness | Loop with Unreachable Exit Condition ('Infinite Loop') (cwe-835) | 0%       | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE  CVE-2025-20136
CVE  Cisco ASA and FTD Denial of Service Vulnerability
CVE  CVE-2025-20253
CVE  Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability
CVE  CVE-2025-20263
CVE  CVE-2025-20134

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.