CVSS: 4.3EPSS: 0%CPEs: 300EXPL: 0CVE-2025-20135 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software DHCP Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-20135
14 Aug 2025 — A vulnerability in the DHCP client functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to exhaust available memory. This vulnerability is due to improper validation of incoming DHCP packets. An attacker could exploit this vulnerability by repeatedly sending crafted DHCPv4 packets to an affected device. A successful exploit could allow the attacker to exhaust available memor... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-dhcp-qj7nGs4N •
CVSS: 7.7EPSS: 0%CPEs: 16EXPL: 0CVE-2025-20127 – Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 3100 and 4200 Series TLS Cipher Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-20127
14 Aug 2025 — A vulnerability in the TLS 1.3 implementation for a specific cipher for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software for Cisco Firepower 3100 and 4200 Series devices could allow an authenticated, remote attacker to consume resources that are associated with incoming TLS 1.3 connections, which eventually could cause the device to stop accepting any new SSL/TLS or VPN requests. This vulnerability is due to the implementation of the TL... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3100_4200_tlsdos-2yNSCd54 •
CVSS: 8.6EPSS: 0%CPEs: 276EXPL: 0CVE-2025-20133 – Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access SSL VPN Authentication Targeted Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-20133
14 Aug 2025 — A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to unexpectedly stop responding, resulting in a DoS condition. This vulnerability is due to ineffective validation of user-supplied input during the Remote Access SSL VPN authentication process. An attacker could exploit this vulnerability by sending a crafted request to the VPN service on ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpn-dos-mfPekA6e •
CVSS: 8.6EPSS: 0%CPEs: 32EXPL: 0CVE-2025-20134 – Cisco Adaptive Security Appliance and Firepower Threat Defense Software SSL/TLS Certificate Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-20134
14 Aug 2025 — A vulnerability in the certificate processing of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper parsing of SSL/TLS certificates. An attacker could exploit this vulnerability by sending crafted DNS packets that match a static Network Address Translation (NAT)... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ssltls-dos-eHw76vZe •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-20215 – Cisco Webex Meeting Client Join Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2025-20215
06 Aug 2025 — A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed. This vulnerability existed due to client certificate validation issues. Prior to this vulnerability being addressed, an attacker could hav... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-join-yNXfqHk4 • CWE-295: Improper Certificate Validation •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-20332 – Cisco Identity Services Engine Authorization Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-20332
06 Aug 2025 — A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify descriptions of files on a specific page. To exploit this vulnerability, an attacker... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise_xss_acc_cont-YsR4uT4U • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-20331 – Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabiliy
https://notcve.org/view.php?id=CVE-2025-20331
06 Aug 2025 — A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary sc... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise_xss_acc_cont-YsR4uT4U • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 1CVE-2025-20337 – Cisco Identity Services Engine Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-20337
16 Jul 2025 — A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected ... • https://github.com/barbaraeivyu/CVE-2025-20337-EXP • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-20285 – Cisco Identity Services Engine IP Filter Access Restriction for Admin Access Configuration Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-20285
16 Jul 2025 — A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address. This vulnerability is due to improper enforcement of access controls that are configured using the IP Access Restriction feature. An attacker could exploit this vulnerability by logging in to the API from an unauthorized source IP address. A successful exploit could allow the attack... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO • CWE-302: Authentication Bypass by Assumed-Immutable Data •
CVSS: 5.8EPSS: 0%CPEs: 17EXPL: 0CVE-2025-20288 – Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2025-20288
16 Jul 2025 — A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from th... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-ssrf-JSuDjeV • CWE-918: Server-Side Request Forgery (SSRF) •