Critical security flaw CVE-2025-20217 allows unauthenticated attackers to trigger denial-of-service conditions in Cisco's widely deployed firewall systems
Cisco has disclosed a high-severity vulnerability in its Secure Firewall Threat Defense (FTD) Software that could allow remote attackers to cause denial-of-service conditions through the Snort 3 Detection Engine.
The vulnerability, tracked as CVE-2025-20217 with a CVSS score of 8.6, was published on August 14, 2025, as part of Cisco's semiannual security advisory bundle.
The flaw exists in the packet inspection functionality of the Snort 3 Detection Engine, a core component responsible for analyzing and filtering network traffic for threats.
The vulnerability stems from incorrect processing of traffic during packet inspection, creating a critical weakness in devices running vulnerable versions of Cisco Secure FTD Software with Snort 3 enabled.
According to Cisco's advisory, an unauthenticated, remote attacker can exploit this vulnerability by sending crafted traffic through the affected device.
The improper handling of these specially crafted packets causes the affected device to enter an infinite loop while inspecting traffic, resulting in a denial-of-service condition.
The vulnerability is classified under CWE-835 (Loop with Unreachable Exit Condition), indicating a fundamental flaw in the detection engine's logic.
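To show what the CWE-835 bug class cited above looks like in packet-inspection code, here is a constructed C example (added here; it is not Cisco's Snort 3 code and makes no claim about the actual defect): a type/length/value option walker that trusts each record's length field, beside a hardened version that refuses any record that would not move the cursor forward. The option layout (one type byte, one length byte covering the whole record) is an assumption chosen for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Vulnerable walker (constructed illustration of CWE-835): it advances by the
 * record's own length field. A record with len == 0 never moves the cursor,
 * so the exit condition (off + 2 > n) becomes unreachable.
 * To stay runnable, it gives up after max_iters and reports that it spun;
 * that cap plays the role the advisory attributes to the system watchdog. */
static int count_options_vulnerable(const uint8_t *opts, size_t n,
                                    unsigned max_iters, int *spun)
{
    size_t off = 0; int count = 0; unsigned iters = 0;
    *spun = 0;
    while (off + 2 <= n) {
        if (++iters > max_iters) { *spun = 1; break; }
        uint8_t len = opts[off + 1];
        count++;
        off += len;          /* BUG: len == 0 leaves off unchanged forever */
    }
    return count;
}

/* Hardened walker: every iteration must make progress and stay in bounds.
 * Returns -1 for a malformed record instead of spinning on it. */
static int count_options_hardened(const uint8_t *opts, size_t n)
{
    size_t off = 0; int count = 0;
    while (off + 2 <= n) {
        uint8_t len = opts[off + 1];
        if (len < 2 || off + len > n) return -1;  /* no progress or overrun */
        count++;
        off += len;
    }
    return count;
}

int main(void)
{
    /* Constructed inputs: a well-formed option list and one with a
     * zero-length record (type 0x05, len 0x00). */
    const uint8_t good[] = {0x01, 0x04, 0xAA, 0xBB, 0x02, 0x03, 0xCC};
    const uint8_t bad[]  = {0x01, 0x04, 0xAA, 0xBB, 0x05, 0x00, 0x00};
    int spun;
    printf("good: vulnerable=%d hardened=%d\n",
           count_options_vulnerable(good, sizeof good, 100, &spun),
           count_options_hardened(good, sizeof good));
    count_options_vulnerable(bad, sizeof bad, 100, &spun);
    printf("bad: vulnerable spun=%d hardened=%d\n", spun,
           count_options_hardened(bad, sizeof bad));
    return 0;
}
```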
Snort 3 Detection Engine Vulnerability
When successfully exploited, the vulnerability causes the Snort process to become trapped in an infinite loop, effectively stopping all traffic inspection until the system watchdog detects the issue and automatically restarts the Snort process. This creates a brief but significant security gap during which malicious traffic could pass through undetected.
The attack requires no authentication and can be executed remotely, making it particularly dangerous for internet-facing Cisco FTD devices. While the system watchdog provides automatic recovery by restarting the Snort process, the temporary loss of inspection capabilities could be exploited by sophisticated attackers to launch coordinated attacks.
The vulnerability affects Cisco devices running vulnerable releases of Cisco Secure FTD Software with an intrusion policy enabled that has the Snort 3 engine running. Organizations should verify that Snort 3 is actively running on their systems, because the vulnerability cannot be exploited if Snort 3 is not active.
Cisco has confirmed that several products are not affected by this vulnerability, including Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Management Center (FMC) Software, and both Open Source Snort 2 and Snort 3 Software.
Unlike many security vulnerabilities, Cisco has explicitly stated that no workarounds are available to address this issue. This leaves organizations with only one option: applying the software updates released by Cisco. The company has released free software updates that fully address the vulnerability.
This vulnerability adds to a growing list of security issues affecting Cisco's firewall and VPN products. Recent months have seen several high-severity flaws disclosed, including CVE-2025-20265 (CVSS 10.0) affecting Secure Firewall Management Center and several other denial-of-service vulnerabilities in ASA and FTD products.
Security researchers have noted that Cisco has a history of vulnerabilities in its Snort detection engine and FTD product line, including several denial-of-service vulnerabilities related to packet inspection and traffic handling.
While Cisco typically responds with prompt advisories and patches, the recurring nature of these issues underscores the importance of timely patch management for organizations relying on Cisco security products.
As of the publication date, the Cisco Product Security Incident Response Team (PSIRT) reported that it is not aware of any public announcements or malicious use of the vulnerability.
The vulnerability was discovered during the resolution of a Cisco Technical Assistance Center (TAC) support case rather than through external threat intelligence.
Given the remote, unauthenticated nature of the attack vector and the critical role that Cisco FTD devices play in enterprise network security, security experts are advising organizations to prioritize patching efforts.
The temporary loss of traffic inspection capabilities during exploitation could provide attackers with windows of opportunity to infiltrate networks or exfiltrate data undetected.
Organizations using Cisco Secure Firewall Threat Defense Software are strongly advised to immediately assess their exposure using Cisco's Software Checker tool and apply the available security updates to prevent potential exploitation of this critical vulnerability.