CWE-1287
Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
CVE-2025-10207 (GCVE-0-2025-10207)
Vulnerability from cvelistv5 – Published: 2025-09-18 11:25 – Updated: 2025-09-18 13:32
VLAI
Title
Authenticated File Disclosure/Delete
Summary
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
1 reference
Date Public
2025-09-17 00:31
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10207",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-18T13:32:31.740377Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T13:32:39.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "FLXEON",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "9.3.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure."
}
],
"datePublic": "2025-09-17T00:31:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.\u003cp\u003eThis issue affects FLXEON: through 9.3.5.\u003c/p\u003e"
}
],
"value": "Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T11:25:07.835Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108471A7121\u0026LanguageCode=en\u0026DocumentPartId=pdf\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated File Disclosure/Delete",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2025-10207",
"datePublished": "2025-09-18T11:25:07.835Z",
"dateReserved": "2025-09-10T08:25:16.701Z",
"dateUpdated": "2025-09-18T13:32:39.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12689 (GCVE-0-2025-12689)
Vulnerability from cvelistv5 – Published: 2025-12-17 18:14 – Updated: 2025-12-17 19:29
VLAI
Title
DoS in Calls plugin via malformed UTF-8 in WebSocket request
Summary
Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
11.0.0 , ≤ 11.0.4
(semver)
Affected: 10.12.0 , ≤ 10.12.2 (semver) Affected: 10.11.0 , ≤ 10.11.6 (semver) Unaffected: 11.1.0 Unaffected: 11.0.5 Unaffected: 10.12.3 Unaffected: 10.11.7 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T18:52:40.079447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T19:29:54.734Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "11.0.4",
"status": "affected",
"version": "11.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.12.2",
"status": "affected",
"version": "10.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.11.6",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"status": "unaffected",
"version": "11.0.5"
},
{
"status": "unaffected",
"version": "10.12.3"
},
{
"status": "unaffected",
"version": "10.11.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "National Security Agency"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost versions 11.0.x \u0026lt;= 11.0.4, 10.12.x \u0026lt;= 10.12.2, 10.11.x \u0026lt;= 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request.\u003c/p\u003e"
}
],
"value": "Mattermost versions 11.0.x \u003c= 11.0.4, 10.12.x \u003c= 10.12.2, 10.11.x \u003c= 10.11.6 fail to check WebSocket request field for proper UTF-8 format, which allows attacker to crash Calls plug-in via sending malformed request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T18:14:10.973Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost to versions 11.1.0, 11.0.5, 10.12.3, 10.11.7 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost to versions 11.1.0, 11.0.5, 10.12.3, 10.11.7 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00539",
"defect": [
"https://mattermost.atlassian.net/browse/MM-66169"
],
"discovery": "EXTERNAL"
},
"title": "DoS in Calls plugin via malformed UTF-8 in WebSocket request",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-12689",
"datePublished": "2025-12-17T18:14:10.973Z",
"dateReserved": "2025-11-04T10:06:23.912Z",
"dateUpdated": "2025-12-17T19:29:54.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13352 (GCVE-0-2025-13352)
Vulnerability from cvelistv5 – Published: 2025-12-17 12:11 – Updated: 2025-12-17 16:48
VLAI
Title
Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking
Summary
Mattermost versions 10.11.x <= 10.11.6 and Mattermost GitHub plugin versions <=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.11.0 , ≤ 10.11.6
(semver)
Unaffected: 11.1.0 Unaffected: 10.11.7 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13352",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T15:05:37.727945Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T16:48:08.118Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "10.11.6",
"status": "affected",
"version": "10.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "11.1.0"
},
{
"status": "unaffected",
"version": "10.11.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juho Fors\u00e9n"
}
],
"descriptions": [
{
"lang": "en",
"value": "Mattermost versions 10.11.x \u003c= 10.11.6 and Mattermost GitHub plugin versions \u003c=2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T12:11:25.563Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"value": "Update Mattermost to versions 11.1.0, 10.11.7 or higher. Alternatively, update the Mattermost GitHub plugin to version 2.5.0 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00521",
"defect": [
"https://mattermost.atlassian.net/browse/MM-65079"
],
"discovery": "{\"self\"=\u003e\"https://mattermost.atlassian.net/rest/api/2/customFieldOption/10557\", \"value\"=\u003e\"Internal\", \"id\"=\u003e\"10557\"}"
},
"title": "Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking"
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-13352",
"datePublished": "2025-12-17T12:11:25.563Z",
"dateReserved": "2025-11-18T10:07:28.143Z",
"dateUpdated": "2025-12-17T16:48:08.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1558 (GCVE-0-2025-1558)
Vulnerability from cvelistv5 – Published: 2025-03-24 15:01 – Updated: 2025-03-24 18:42
VLAI
Title
Denial of Service Via Malicious GIF
Summary
Mattermost Mobile Apps versions <=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
0 , ≤ 2.25.0
(semver)
Unaffected: 2.26.0 Unaffected: 2.25.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-24T15:25:23.601581Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T18:42:16.481Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "2.25.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2.26.0"
},
{
"status": "unaffected",
"version": "2.25.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "defalt47"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost Mobile Apps versions \u0026lt;=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF.\u003c/p\u003e"
}
],
"value": "Mattermost Mobile Apps versions \u003c=2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T15:01:52.463Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Mobile Apps to versions 2.26.0, 2.25.1 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Mobile Apps to versions 2.26.0, 2.25.1 or higher."
}
],
"source": {
"advisory": "MMSA-2024-00417",
"defect": [
"https://mattermost.atlassian.net/browse/MM-62374"
],
"discovery": "EXTERNAL"
},
"title": "Denial of Service Via Malicious GIF",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-1558",
"datePublished": "2025-03-24T15:01:52.463Z",
"dateReserved": "2025-02-21T15:44:40.158Z",
"dateUpdated": "2025-03-24T18:42:16.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20033 (GCVE-0-2025-20033)
Vulnerability from cvelistv5 – Published: 2025-01-09 06:55 – Updated: 2025-01-09 15:05
VLAI
Title
DoS via custom post type for sysconsole plugin readers
Summary
Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.2.0
Affected: 9.11.0 , ≤ 9.11.5 (semver) Affected: 10.0.0 , ≤ 10.0.3 (semver) Affected: 10.1.0 , ≤ 10.1.3 (semver) Unaffected: 10.3.0 Unaffected: 10.2.1 Unaffected: 9.11.6 Unaffected: 10.0.4 Unaffected: 10.1.4 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T15:05:02.977878Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T15:05:20.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"status": "affected",
"version": "10.2.0"
},
{
"lessThanOrEqual": "9.11.5",
"status": "affected",
"version": "9.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.3",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.3",
"status": "affected",
"version": "10.1.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.3.0"
},
{
"status": "unaffected",
"version": "10.2.1"
},
{
"status": "unaffected",
"version": "9.11.6"
},
{
"status": "unaffected",
"version": "10.0.4"
},
{
"status": "unaffected",
"version": "10.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "c0rydoras (c0rydoras)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost versions 10.2.0, 9.11.x \u0026lt;= 9.11.5, 10.0.x \u0026lt;= 10.0.3, 10.1.x \u0026lt;= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props.\u003c/p\u003e"
}
],
"value": "Mattermost versions 10.2.0, 9.11.x \u003c= 9.11.5, 10.0.x \u003c= 10.0.3, 10.1.x \u003c= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T06:55:02.063Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost to versions 10.3.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost to versions 10.3.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher."
}
],
"source": {
"advisory": "MMSA-2024-00396",
"defect": [
"https://mattermost.atlassian.net/browse/MM-61296"
],
"discovery": "EXTERNAL"
},
"title": "DoS via custom post type for sysconsole plugin readers",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-20033",
"datePublished": "2025-01-09T06:55:02.063Z",
"dateReserved": "2025-01-08T11:07:12.589Z",
"dateUpdated": "2025-01-09T15:05:20.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20036 (GCVE-0-2025-20036)
Vulnerability from cvelistv5 – Published: 2025-01-15 16:10 – Updated: 2025-01-15 16:49
VLAI
Title
Insufficient Input Validation on Post Props
Summary
Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
0 , ≤ 2.22.0
(semver)
Unaffected: 2.23.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20036",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T16:49:00.458575Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T16:49:13.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"lessThanOrEqual": "2.22.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "2.23.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "c0rydoras (c0rydoras)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost Mobile Apps versions \u0026lt;=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.\u003c/p\u003e"
}
],
"value": "Mattermost Mobile Apps versions \u003c=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T16:10:47.847Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost Mobile Apps to versions 2.23.0 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost Mobile Apps to versions 2.23.0 or higher."
}
],
"source": {
"advisory": "MMSA-2024-00398",
"defect": [
"https://mattermost.atlassian.net/browse/MM-62529"
],
"discovery": "EXTERNAL"
},
"title": "Insufficient Input Validation on Post Props",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-20036",
"datePublished": "2025-01-15T16:10:47.847Z",
"dateReserved": "2025-01-14T00:19:35.045Z",
"dateUpdated": "2025-01-15T16:49:13.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20086 (GCVE-0-2025-20086)
Vulnerability from cvelistv5 – Published: 2025-01-15 16:49 – Updated: 2025-02-12 20:31
VLAI
Title
Insufficient Input Validation on Post Props
Summary
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.2.0
(semver)
Affected: 9.11.0 , ≤ 9.11.5 (semver) Affected: 10.0.0 , ≤ 10.0.3 (semver) Affected: 10.1.0 , ≤ 10.1.3 (semver) Unaffected: 10.3.0 Unaffected: 10.2.1 Unaffected: 9.11.6 Unaffected: 10.0.4 Unaffected: 10.1.4 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20086",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T19:20:52.723585Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:31:20.302Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"status": "affected",
"version": "10.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.11.5",
"status": "affected",
"version": "9.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.3",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.3",
"status": "affected",
"version": "10.1.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.3.0"
},
{
"status": "unaffected",
"version": "10.2.1"
},
{
"status": "unaffected",
"version": "9.11.6"
},
{
"status": "unaffected",
"version": "10.0.4"
},
{
"status": "unaffected",
"version": "10.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "c0rydoras (c0rydoras)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost versions 10.2.x \u0026lt;= 10.2.0, 9.11.x \u0026lt;= 9.11.5, 10.0.x \u0026lt;= 10.0.3, 10.1.x \u0026lt;= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.\u003c/p\u003e"
}
],
"value": "Mattermost versions 10.2.x \u003c= 10.2.0, 9.11.x \u003c= 9.11.5, 10.0.x \u003c= 10.0.3, 10.1.x \u003c= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T16:49:51.066Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00426",
"defect": [
"https://mattermost.atlassian.net/browse/MM-61376"
],
"discovery": "EXTERNAL"
},
"title": "Insufficient Input Validation on Post Props",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-20086",
"datePublished": "2025-01-15T16:49:51.066Z",
"dateReserved": "2025-01-14T00:19:35.055Z",
"dateUpdated": "2025-02-12T20:31:20.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20088 (GCVE-0-2025-20088)
Vulnerability from cvelistv5 – Published: 2025-01-15 16:49 – Updated: 2025-02-12 20:31
VLAI
Title
Insufficient Input Validation on Post Props
Summary
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mattermost | Mattermost |
Affected:
10.2.0
(semver)
Affected: 9.11.0 , ≤ 9.11.5 (semver) Affected: 10.0.0 , ≤ 10.0.3 (semver) Affected: 10.1.0 , ≤ 10.1.3 (semver) Unaffected: 10.3.0 Unaffected: 10.2.1 Unaffected: 9.11.6 Unaffected: 10.0.4 Unaffected: 10.1.4 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20088",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T19:19:15.735224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:31:20.164Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mattermost",
"vendor": "Mattermost",
"versions": [
{
"status": "affected",
"version": "10.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.11.5",
"status": "affected",
"version": "9.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.3",
"status": "affected",
"version": "10.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.3",
"status": "affected",
"version": "10.1.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "10.3.0"
},
{
"status": "unaffected",
"version": "10.2.1"
},
{
"status": "unaffected",
"version": "9.11.6"
},
{
"status": "unaffected",
"version": "10.0.4"
},
{
"status": "unaffected",
"version": "10.1.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "c0rydoras (c0rydoras)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMattermost versions 10.2.x \u0026lt;= 10.2.0, 9.11.x \u0026lt;= 9.11.5, 10.0.x \u0026lt;= 10.0.3, 10.1.x \u0026lt;= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post.\u003c/p\u003e"
}
],
"value": "Mattermost versions 10.2.x \u003c= 10.2.0, 9.11.x \u003c= 9.11.5, 10.0.x \u003c= 10.0.3, 10.1.x \u003c= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287: Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-15T16:49:51.532Z",
"orgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"shortName": "Mattermost"
},
"references": [
{
"url": "https://mattermost.com/security-updates"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpdate Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher.\u003c/p\u003e"
}
],
"value": "Update Mattermost to versions 10.3.0, 2.23.0, 10.2.1, 9.11.6, 10.0.4, 10.1.4 or higher."
}
],
"source": {
"advisory": "MMSA-2025-00425",
"defect": [
"https://mattermost.atlassian.net/browse/MM-61378"
],
"discovery": "EXTERNAL"
},
"title": "Insufficient Input Validation on Post Props",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9302f53e-dde5-4bf3-b2f2-a83f91ac0eee",
"assignerShortName": "Mattermost",
"cveId": "CVE-2025-20088",
"datePublished": "2025-01-15T16:49:51.532Z",
"dateReserved": "2025-01-14T00:19:35.032Z",
"dateUpdated": "2025-02-12T20:31:20.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20155 (GCVE-0-2025-20155)
Vulnerability from cvelistv5 – Published: 2025-05-07 17:37 – Updated: 2026-02-26 18:28
VLAI
Summary
A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system.
This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software when a device is first deployed in SD-WAN mode or when an administrator configures SD-Routing on the device. An attacker could exploit this vulnerability by modifying a bootstrap file generated by Cisco Catalyst SD-WAN Manager, loading it into the device flash, and then either reloading the device in a green field deployment in SD-WAN mode or configuring the device with SD-Routing. A successful exploit could allow the attacker to perform arbitrary file writes to the underlying operating system.
Severity
6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IOS XE Software |
Affected:
17.9.4
Affected: 17.9.5 Affected: 17.9.4a Affected: 17.9.5a Affected: 17.9.5b Affected: 17.9.6 Affected: 17.9.6a Affected: 17.9.5e Affected: 17.9.5f Affected: 17.12.1 Affected: 17.12.1w Affected: 17.12.1a Affected: 17.12.1x Affected: 17.12.2 Affected: 17.12.3 Affected: 17.12.2a Affected: 17.12.1y Affected: 17.12.1z Affected: 17.12.4 Affected: 17.12.3a Affected: 17.12.1z1 Affected: 17.12.4a Affected: 17.12.4b Affected: 17.13.1 Affected: 17.13.1a Affected: 17.14.1 Affected: 17.14.1a Affected: 17.11.99SW |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T03:56:35.764293Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T18:28:48.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "17.9.4"
},
{
"status": "affected",
"version": "17.9.5"
},
{
"status": "affected",
"version": "17.9.4a"
},
{
"status": "affected",
"version": "17.9.5a"
},
{
"status": "affected",
"version": "17.9.5b"
},
{
"status": "affected",
"version": "17.9.6"
},
{
"status": "affected",
"version": "17.9.6a"
},
{
"status": "affected",
"version": "17.9.5e"
},
{
"status": "affected",
"version": "17.9.5f"
},
{
"status": "affected",
"version": "17.12.1"
},
{
"status": "affected",
"version": "17.12.1w"
},
{
"status": "affected",
"version": "17.12.1a"
},
{
"status": "affected",
"version": "17.12.1x"
},
{
"status": "affected",
"version": "17.12.2"
},
{
"status": "affected",
"version": "17.12.3"
},
{
"status": "affected",
"version": "17.12.2a"
},
{
"status": "affected",
"version": "17.12.1y"
},
{
"status": "affected",
"version": "17.12.1z"
},
{
"status": "affected",
"version": "17.12.4"
},
{
"status": "affected",
"version": "17.12.3a"
},
{
"status": "affected",
"version": "17.12.1z1"
},
{
"status": "affected",
"version": "17.12.4a"
},
{
"status": "affected",
"version": "17.12.4b"
},
{
"status": "affected",
"version": "17.13.1"
},
{
"status": "affected",
"version": "17.13.1a"
},
{
"status": "affected",
"version": "17.14.1"
},
{
"status": "affected",
"version": "17.14.1a"
},
{
"status": "affected",
"version": "17.11.99SW"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system.\r\n\r This vulnerability is due to insufficient input validation of the bootstrap file that is read by the system software when a device is first deployed in SD-WAN mode or when an administrator configures SD-Routing on the device. An attacker could exploit this vulnerability by modifying a bootstrap file generated by Cisco Catalyst SD-WAN Manager, loading it into the device flash, and then either reloading the device in a green field deployment in SD-WAN mode or configuring the device with SD-Routing. A successful exploit could allow the attacker to perform arbitrary file writes to the underlying operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "Improper Validation of Specified Type of Input",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T17:37:05.984Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-bootstrap-KfgxYgdh",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bootstrap-KfgxYgdh"
}
],
"source": {
"advisory": "cisco-sa-bootstrap-KfgxYgdh",
"defects": [
"CSCwj60286"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20155",
"datePublished": "2025-05-07T17:37:05.984Z",
"dateReserved": "2024-10-10T19:15:13.216Z",
"dateUpdated": "2026-02-26T18:28:48.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-20244 (GCVE-0-2025-20244)
Vulnerability from cvelistv5 – Published: 2025-08-14 16:29 – Updated: 2025-08-14 19:19
VLAI
Title
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access VPN Web Server Denial of Service Vulnerability
Summary
A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to incomplete error checking when parsing an HTTP header field value. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted Remote Access SSL VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition, which would cause the affected device to reload.
Severity
7.7 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco Adaptive Security Appliance (ASA) Software |
Affected:
9.12.3
Affected: 9.8.3 Affected: 9.12.1 Affected: 9.8.1 Affected: 9.12.2 Affected: 9.8.2.45 Affected: 9.8.2 Affected: 9.8.4 Affected: 9.14.1 Affected: 9.12.4 Affected: 9.8.2.26 Affected: 9.8.2.24 Affected: 9.8.2.15 Affected: 9.8.2.14 Affected: 9.8.2.35 Affected: 9.8.2.20 Affected: 9.8.2.8 Affected: 9.8.2.17 Affected: 9.8.2.28 Affected: 9.8.2.33 Affected: 9.8.2.38 Affected: 9.8.4.25 Affected: 9.12.3.2 Affected: 9.12.3.7 Affected: 9.8.3.18 Affected: 9.8.3.14 Affected: 9.8.4.15 Affected: 9.8.4.8 Affected: 9.8.1.7 Affected: 9.8.3.29 Affected: 9.14.1.10 Affected: 9.12.2.5 Affected: 9.8.4.22 Affected: 9.12.3.12 Affected: 9.8.4.7 Affected: 9.8.4.17 Affected: 9.8.3.16 Affected: 9.8.4.20 Affected: 9.8.3.11 Affected: 9.12.1.3 Affected: 9.8.4.3 Affected: 9.12.2.4 Affected: 9.8.4.12 Affected: 9.12.1.2 Affected: 9.8.3.26 Affected: 9.8.1.5 Affected: 9.12.2.9 Affected: 9.12.3.9 Affected: 9.8.3.21 Affected: 9.8.4.10 Affected: 9.12.2.1 Affected: 9.12.4.2 Affected: 9.14.1.6 Affected: 9.8.3.8 Affected: 9.14.1.15 Affected: 9.14.1.19 Affected: 9.8.4.26 Affected: 9.12.4.4 Affected: 9.14.1.30 Affected: 9.8.4.29 Affected: 9.12.4.7 Affected: 9.14.2 Affected: 9.12.4.8 Affected: 9.8.4.32 Affected: 9.12.4.10 Affected: 9.14.2.4 Affected: 9.14.2.8 Affected: 9.12.4.13 Affected: 9.8.4.33 Affected: 9.14.2.13 Affected: 9.8.4.34 Affected: 9.12.4.18 Affected: 9.8.4.35 Affected: 9.14.2.15 Affected: 9.12.4.24 Affected: 9.16.1 Affected: 9.8.4.39 Affected: 9.14.3 Affected: 9.12.4.26 Affected: 9.16.1.28 Affected: 9.14.3.1 Affected: 9.12.4.29 Affected: 9.14.3.9 Affected: 9.16.2 Affected: 9.12.4.30 Affected: 9.16.2.3 Affected: 9.8.4.40 Affected: 9.14.3.11 Affected: 9.12.4.35 Affected: 9.8.4.41 Affected: 9.14.3.13 Affected: 9.16.2.7 Affected: 9.12.4.37 Affected: 9.14.3.15 Affected: 9.17.1 Affected: 9.16.2.11 Affected: 9.14.3.18 Affected: 9.16.2.13 Affected: 9.12.4.39 Affected: 9.12.4.38 Affected: 9.8.4.43 Affected: 9.14.4 Affected: 9.16.2.14 Affected: 9.17.1.7 Affected: 9.12.4.40 Affected: 9.16.3.3 Affected: 9.14.4.6 Affected: 9.16.3 Affected: 9.16.3.14 Affected: 9.17.1.9 Affected: 9.14.4.7 Affected: 9.12.4.41 Affected: 9.17.1.10 Affected: 9.8.4.44 Affected: 9.18.1 Affected: 9.12.4.47 Affected: 9.14.4.12 Affected: 9.16.3.15 Affected: 9.18.1.3 Affected: 9.17.1.11 Affected: 9.12.4.48 Affected: 9.14.4.13 Affected: 9.18.2 Affected: 9.16.3.19 Affected: 9.17.1.13 Affected: 9.12.4.50 Affected: 9.14.4.14 Affected: 9.17.1.15 Affected: 9.8.4.45 Affected: 9.12.4.52 Affected: 9.14.4.15 Affected: 9.16.3.23 Affected: 9.18.2.5 Affected: 9.16.4 Affected: 9.12.4.54 Affected: 9.14.4.17 Affected: 9.8.4.46 Affected: 9.17.1.20 Affected: 9.18.2.7 Affected: 9.19.1 Affected: 9.16.4.9 Affected: 9.12.4.55 Affected: 9.18.2.8 Affected: 9.14.4.22 Affected: 9.16.4.14 Affected: 9.8.4.48 Affected: 9.18.3 Affected: 9.19.1.5 Affected: 9.14.4.23 Affected: 9.12.4.56 Affected: 9.16.4.18 Affected: 9.17.1.30 Affected: 9.19.1.9 Affected: 9.18.3.39 Affected: 9.16.4.19 Affected: 9.12.4.58 Affected: 9.19.1.12 Affected: 9.18.3.46 Affected: 9.16.4.27 Affected: 9.19.1.18 Affected: 9.18.3.53 Affected: 9.18.3.55 Affected: 9.16.4.38 Affected: 9.17.1.33 Affected: 9.12.4.62 Affected: 9.16.4.39 Affected: 9.18.3.56 Affected: 9.20.1 Affected: 9.16.4.42 Affected: 9.19.1.22 Affected: 9.18.4 Affected: 9.20.1.5 Affected: 9.18.4.5 Affected: 9.19.1.24 Affected: 9.16.4.48 Affected: 9.18.4.8 Affected: 9.20.2 Affected: 9.19.1.27 Affected: 9.12.4.65 Affected: 9.16.4.55 Affected: 9.18.4.22 Affected: 9.20.2.10 Affected: 9.16.4.57 Affected: 9.19.1.28 Affected: 9.17.1.39 Affected: 9.12.4.67 Affected: 9.14.4.24 Affected: 9.18.4.24 Affected: 9.20.2.21 Affected: 9.16.4.61 Affected: 9.19.1.31 Affected: 9.18.4.29 Affected: 9.20.2.22 Affected: 9.16.4.62 Affected: 9.18.4.34 Affected: 9.20.3 Affected: 9.16.4.67 Affected: 9.16.4.70 Affected: 9.18.4.40 Affected: 9.22.1.1 Affected: 9.16.4.71 Affected: 9.20.3.4 Affected: 9.16.4.76 Affected: 9.22.1.2 Affected: 9.16.4.82 |
|
| Cisco | Cisco Firepower Threat Defense Software |
Affected:
6.2.3.14
Affected: 6.4.0.1 Affected: 6.2.3.7 Affected: 6.2.3 Affected: 6.4.0.2 Affected: 6.2.3.9 Affected: 6.2.3.1 Affected: 6.2.3.2 Affected: 6.4.0.5 Affected: 6.2.3.10 Affected: 6.4.0 Affected: 6.4.0.3 Affected: 6.2.3.6 Affected: 6.4.0.4 Affected: 6.2.3.15 Affected: 6.2.3.5 Affected: 6.2.3.4 Affected: 6.2.3.3 Affected: 6.2.3.8 Affected: 6.4.0.6 Affected: 6.2.3.11 Affected: 6.2.3.12 Affected: 6.2.3.13 Affected: 6.4.0.7 Affected: 6.4.0.8 Affected: 6.6.0 Affected: 6.4.0.9 Affected: 6.2.3.16 Affected: 6.6.0.1 Affected: 6.6.1 Affected: 6.4.0.10 Affected: 6.4.0.11 Affected: 6.6.3 Affected: 6.6.4 Affected: 6.4.0.12 Affected: 7.0.0 Affected: 6.2.3.17 Affected: 7.0.0.1 Affected: 6.6.5 Affected: 7.0.1 Affected: 7.1.0 Affected: 6.4.0.13 Affected: 6.6.5.1 Affected: 6.2.3.18 Affected: 7.0.1.1 Affected: 6.4.0.14 Affected: 7.1.0.1 Affected: 6.6.5.2 Affected: 7.0.2 Affected: 6.4.0.15 Affected: 7.2.0 Affected: 7.0.2.1 Affected: 7.0.3 Affected: 6.6.7 Affected: 7.1.0.2 Affected: 7.2.0.1 Affected: 7.0.4 Affected: 7.2.1 Affected: 7.0.5 Affected: 6.4.0.16 Affected: 7.3.0 Affected: 7.2.2 Affected: 7.2.3 Affected: 6.6.7.1 Affected: 7.3.1 Affected: 7.1.0.3 Affected: 7.2.4 Affected: 7.0.6 Affected: 7.2.5 Affected: 7.2.4.1 Affected: 7.3.1.1 Affected: 7.4.0 Affected: 6.4.0.17 Affected: 7.0.6.1 Affected: 7.2.5.1 Affected: 7.4.1 Affected: 7.2.6 Affected: 7.0.6.2 Affected: 7.4.1.1 Affected: 6.6.7.2 Affected: 6.4.0.18 Affected: 7.2.7 Affected: 7.2.5.2 Affected: 7.3.1.2 Affected: 7.2.8 Affected: 7.6.0 Affected: 7.4.2 Affected: 7.2.8.1 Affected: 7.0.6.3 Affected: 7.4.2.1 Affected: 7.0.7 Affected: 7.4.2.2 Affected: 7.4.2.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-14T18:38:58.710669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T19:19:47.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "9.12.3"
},
{
"status": "affected",
"version": "9.8.3"
},
{
"status": "affected",
"version": "9.12.1"
},
{
"status": "affected",
"version": "9.8.1"
},
{
"status": "affected",
"version": "9.12.2"
},
{
"status": "affected",
"version": "9.8.2.45"
},
{
"status": "affected",
"version": "9.8.2"
},
{
"status": "affected",
"version": "9.8.4"
},
{
"status": "affected",
"version": "9.14.1"
},
{
"status": "affected",
"version": "9.12.4"
},
{
"status": "affected",
"version": "9.8.2.26"
},
{
"status": "affected",
"version": "9.8.2.24"
},
{
"status": "affected",
"version": "9.8.2.15"
},
{
"status": "affected",
"version": "9.8.2.14"
},
{
"status": "affected",
"version": "9.8.2.35"
},
{
"status": "affected",
"version": "9.8.2.20"
},
{
"status": "affected",
"version": "9.8.2.8"
},
{
"status": "affected",
"version": "9.8.2.17"
},
{
"status": "affected",
"version": "9.8.2.28"
},
{
"status": "affected",
"version": "9.8.2.33"
},
{
"status": "affected",
"version": "9.8.2.38"
},
{
"status": "affected",
"version": "9.8.4.25"
},
{
"status": "affected",
"version": "9.12.3.2"
},
{
"status": "affected",
"version": "9.12.3.7"
},
{
"status": "affected",
"version": "9.8.3.18"
},
{
"status": "affected",
"version": "9.8.3.14"
},
{
"status": "affected",
"version": "9.8.4.15"
},
{
"status": "affected",
"version": "9.8.4.8"
},
{
"status": "affected",
"version": "9.8.1.7"
},
{
"status": "affected",
"version": "9.8.3.29"
},
{
"status": "affected",
"version": "9.14.1.10"
},
{
"status": "affected",
"version": "9.12.2.5"
},
{
"status": "affected",
"version": "9.8.4.22"
},
{
"status": "affected",
"version": "9.12.3.12"
},
{
"status": "affected",
"version": "9.8.4.7"
},
{
"status": "affected",
"version": "9.8.4.17"
},
{
"status": "affected",
"version": "9.8.3.16"
},
{
"status": "affected",
"version": "9.8.4.20"
},
{
"status": "affected",
"version": "9.8.3.11"
},
{
"status": "affected",
"version": "9.12.1.3"
},
{
"status": "affected",
"version": "9.8.4.3"
},
{
"status": "affected",
"version": "9.12.2.4"
},
{
"status": "affected",
"version": "9.8.4.12"
},
{
"status": "affected",
"version": "9.12.1.2"
},
{
"status": "affected",
"version": "9.8.3.26"
},
{
"status": "affected",
"version": "9.8.1.5"
},
{
"status": "affected",
"version": "9.12.2.9"
},
{
"status": "affected",
"version": "9.12.3.9"
},
{
"status": "affected",
"version": "9.8.3.21"
},
{
"status": "affected",
"version": "9.8.4.10"
},
{
"status": "affected",
"version": "9.12.2.1"
},
{
"status": "affected",
"version": "9.12.4.2"
},
{
"status": "affected",
"version": "9.14.1.6"
},
{
"status": "affected",
"version": "9.8.3.8"
},
{
"status": "affected",
"version": "9.14.1.15"
},
{
"status": "affected",
"version": "9.14.1.19"
},
{
"status": "affected",
"version": "9.8.4.26"
},
{
"status": "affected",
"version": "9.12.4.4"
},
{
"status": "affected",
"version": "9.14.1.30"
},
{
"status": "affected",
"version": "9.8.4.29"
},
{
"status": "affected",
"version": "9.12.4.7"
},
{
"status": "affected",
"version": "9.14.2"
},
{
"status": "affected",
"version": "9.12.4.8"
},
{
"status": "affected",
"version": "9.8.4.32"
},
{
"status": "affected",
"version": "9.12.4.10"
},
{
"status": "affected",
"version": "9.14.2.4"
},
{
"status": "affected",
"version": "9.14.2.8"
},
{
"status": "affected",
"version": "9.12.4.13"
},
{
"status": "affected",
"version": "9.8.4.33"
},
{
"status": "affected",
"version": "9.14.2.13"
},
{
"status": "affected",
"version": "9.8.4.34"
},
{
"status": "affected",
"version": "9.12.4.18"
},
{
"status": "affected",
"version": "9.8.4.35"
},
{
"status": "affected",
"version": "9.14.2.15"
},
{
"status": "affected",
"version": "9.12.4.24"
},
{
"status": "affected",
"version": "9.16.1"
},
{
"status": "affected",
"version": "9.8.4.39"
},
{
"status": "affected",
"version": "9.14.3"
},
{
"status": "affected",
"version": "9.12.4.26"
},
{
"status": "affected",
"version": "9.16.1.28"
},
{
"status": "affected",
"version": "9.14.3.1"
},
{
"status": "affected",
"version": "9.12.4.29"
},
{
"status": "affected",
"version": "9.14.3.9"
},
{
"status": "affected",
"version": "9.16.2"
},
{
"status": "affected",
"version": "9.12.4.30"
},
{
"status": "affected",
"version": "9.16.2.3"
},
{
"status": "affected",
"version": "9.8.4.40"
},
{
"status": "affected",
"version": "9.14.3.11"
},
{
"status": "affected",
"version": "9.12.4.35"
},
{
"status": "affected",
"version": "9.8.4.41"
},
{
"status": "affected",
"version": "9.14.3.13"
},
{
"status": "affected",
"version": "9.16.2.7"
},
{
"status": "affected",
"version": "9.12.4.37"
},
{
"status": "affected",
"version": "9.14.3.15"
},
{
"status": "affected",
"version": "9.17.1"
},
{
"status": "affected",
"version": "9.16.2.11"
},
{
"status": "affected",
"version": "9.14.3.18"
},
{
"status": "affected",
"version": "9.16.2.13"
},
{
"status": "affected",
"version": "9.12.4.39"
},
{
"status": "affected",
"version": "9.12.4.38"
},
{
"status": "affected",
"version": "9.8.4.43"
},
{
"status": "affected",
"version": "9.14.4"
},
{
"status": "affected",
"version": "9.16.2.14"
},
{
"status": "affected",
"version": "9.17.1.7"
},
{
"status": "affected",
"version": "9.12.4.40"
},
{
"status": "affected",
"version": "9.16.3.3"
},
{
"status": "affected",
"version": "9.14.4.6"
},
{
"status": "affected",
"version": "9.16.3"
},
{
"status": "affected",
"version": "9.16.3.14"
},
{
"status": "affected",
"version": "9.17.1.9"
},
{
"status": "affected",
"version": "9.14.4.7"
},
{
"status": "affected",
"version": "9.12.4.41"
},
{
"status": "affected",
"version": "9.17.1.10"
},
{
"status": "affected",
"version": "9.8.4.44"
},
{
"status": "affected",
"version": "9.18.1"
},
{
"status": "affected",
"version": "9.12.4.47"
},
{
"status": "affected",
"version": "9.14.4.12"
},
{
"status": "affected",
"version": "9.16.3.15"
},
{
"status": "affected",
"version": "9.18.1.3"
},
{
"status": "affected",
"version": "9.17.1.11"
},
{
"status": "affected",
"version": "9.12.4.48"
},
{
"status": "affected",
"version": "9.14.4.13"
},
{
"status": "affected",
"version": "9.18.2"
},
{
"status": "affected",
"version": "9.16.3.19"
},
{
"status": "affected",
"version": "9.17.1.13"
},
{
"status": "affected",
"version": "9.12.4.50"
},
{
"status": "affected",
"version": "9.14.4.14"
},
{
"status": "affected",
"version": "9.17.1.15"
},
{
"status": "affected",
"version": "9.8.4.45"
},
{
"status": "affected",
"version": "9.12.4.52"
},
{
"status": "affected",
"version": "9.14.4.15"
},
{
"status": "affected",
"version": "9.16.3.23"
},
{
"status": "affected",
"version": "9.18.2.5"
},
{
"status": "affected",
"version": "9.16.4"
},
{
"status": "affected",
"version": "9.12.4.54"
},
{
"status": "affected",
"version": "9.14.4.17"
},
{
"status": "affected",
"version": "9.8.4.46"
},
{
"status": "affected",
"version": "9.17.1.20"
},
{
"status": "affected",
"version": "9.18.2.7"
},
{
"status": "affected",
"version": "9.19.1"
},
{
"status": "affected",
"version": "9.16.4.9"
},
{
"status": "affected",
"version": "9.12.4.55"
},
{
"status": "affected",
"version": "9.18.2.8"
},
{
"status": "affected",
"version": "9.14.4.22"
},
{
"status": "affected",
"version": "9.16.4.14"
},
{
"status": "affected",
"version": "9.8.4.48"
},
{
"status": "affected",
"version": "9.18.3"
},
{
"status": "affected",
"version": "9.19.1.5"
},
{
"status": "affected",
"version": "9.14.4.23"
},
{
"status": "affected",
"version": "9.12.4.56"
},
{
"status": "affected",
"version": "9.16.4.18"
},
{
"status": "affected",
"version": "9.17.1.30"
},
{
"status": "affected",
"version": "9.19.1.9"
},
{
"status": "affected",
"version": "9.18.3.39"
},
{
"status": "affected",
"version": "9.16.4.19"
},
{
"status": "affected",
"version": "9.12.4.58"
},
{
"status": "affected",
"version": "9.19.1.12"
},
{
"status": "affected",
"version": "9.18.3.46"
},
{
"status": "affected",
"version": "9.16.4.27"
},
{
"status": "affected",
"version": "9.19.1.18"
},
{
"status": "affected",
"version": "9.18.3.53"
},
{
"status": "affected",
"version": "9.18.3.55"
},
{
"status": "affected",
"version": "9.16.4.38"
},
{
"status": "affected",
"version": "9.17.1.33"
},
{
"status": "affected",
"version": "9.12.4.62"
},
{
"status": "affected",
"version": "9.16.4.39"
},
{
"status": "affected",
"version": "9.18.3.56"
},
{
"status": "affected",
"version": "9.20.1"
},
{
"status": "affected",
"version": "9.16.4.42"
},
{
"status": "affected",
"version": "9.19.1.22"
},
{
"status": "affected",
"version": "9.18.4"
},
{
"status": "affected",
"version": "9.20.1.5"
},
{
"status": "affected",
"version": "9.18.4.5"
},
{
"status": "affected",
"version": "9.19.1.24"
},
{
"status": "affected",
"version": "9.16.4.48"
},
{
"status": "affected",
"version": "9.18.4.8"
},
{
"status": "affected",
"version": "9.20.2"
},
{
"status": "affected",
"version": "9.19.1.27"
},
{
"status": "affected",
"version": "9.12.4.65"
},
{
"status": "affected",
"version": "9.16.4.55"
},
{
"status": "affected",
"version": "9.18.4.22"
},
{
"status": "affected",
"version": "9.20.2.10"
},
{
"status": "affected",
"version": "9.16.4.57"
},
{
"status": "affected",
"version": "9.19.1.28"
},
{
"status": "affected",
"version": "9.17.1.39"
},
{
"status": "affected",
"version": "9.12.4.67"
},
{
"status": "affected",
"version": "9.14.4.24"
},
{
"status": "affected",
"version": "9.18.4.24"
},
{
"status": "affected",
"version": "9.20.2.21"
},
{
"status": "affected",
"version": "9.16.4.61"
},
{
"status": "affected",
"version": "9.19.1.31"
},
{
"status": "affected",
"version": "9.18.4.29"
},
{
"status": "affected",
"version": "9.20.2.22"
},
{
"status": "affected",
"version": "9.16.4.62"
},
{
"status": "affected",
"version": "9.18.4.34"
},
{
"status": "affected",
"version": "9.20.3"
},
{
"status": "affected",
"version": "9.16.4.67"
},
{
"status": "affected",
"version": "9.16.4.70"
},
{
"status": "affected",
"version": "9.18.4.40"
},
{
"status": "affected",
"version": "9.22.1.1"
},
{
"status": "affected",
"version": "9.16.4.71"
},
{
"status": "affected",
"version": "9.20.3.4"
},
{
"status": "affected",
"version": "9.16.4.76"
},
{
"status": "affected",
"version": "9.22.1.2"
},
{
"status": "affected",
"version": "9.16.4.82"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.2.3.14"
},
{
"status": "affected",
"version": "6.4.0.1"
},
{
"status": "affected",
"version": "6.2.3.7"
},
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.4.0.2"
},
{
"status": "affected",
"version": "6.2.3.9"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.4.0.5"
},
{
"status": "affected",
"version": "6.2.3.10"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.0.3"
},
{
"status": "affected",
"version": "6.2.3.6"
},
{
"status": "affected",
"version": "6.4.0.4"
},
{
"status": "affected",
"version": "6.2.3.15"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.8"
},
{
"status": "affected",
"version": "6.4.0.6"
},
{
"status": "affected",
"version": "6.2.3.11"
},
{
"status": "affected",
"version": "6.2.3.12"
},
{
"status": "affected",
"version": "6.2.3.13"
},
{
"status": "affected",
"version": "6.4.0.7"
},
{
"status": "affected",
"version": "6.4.0.8"
},
{
"status": "affected",
"version": "6.6.0"
},
{
"status": "affected",
"version": "6.4.0.9"
},
{
"status": "affected",
"version": "6.2.3.16"
},
{
"status": "affected",
"version": "6.6.0.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.4.0.10"
},
{
"status": "affected",
"version": "6.4.0.11"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "6.4.0.12"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "6.2.3.17"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "6.6.5"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "6.4.0.13"
},
{
"status": "affected",
"version": "6.6.5.1"
},
{
"status": "affected",
"version": "6.2.3.18"
},
{
"status": "affected",
"version": "7.0.1.1"
},
{
"status": "affected",
"version": "6.4.0.14"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "6.6.5.2"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "6.4.0.15"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.0.2.1"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "6.6.7"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.2.0.1"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "6.4.0.16"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "6.6.7.1"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.1.0.3"
},
{
"status": "affected",
"version": "7.2.4"
},
{
"status": "affected",
"version": "7.0.6"
},
{
"status": "affected",
"version": "7.2.5"
},
{
"status": "affected",
"version": "7.2.4.1"
},
{
"status": "affected",
"version": "7.3.1.1"
},
{
"status": "affected",
"version": "7.4.0"
},
{
"status": "affected",
"version": "6.4.0.17"
},
{
"status": "affected",
"version": "7.0.6.1"
},
{
"status": "affected",
"version": "7.2.5.1"
},
{
"status": "affected",
"version": "7.4.1"
},
{
"status": "affected",
"version": "7.2.6"
},
{
"status": "affected",
"version": "7.0.6.2"
},
{
"status": "affected",
"version": "7.4.1.1"
},
{
"status": "affected",
"version": "6.6.7.2"
},
{
"status": "affected",
"version": "6.4.0.18"
},
{
"status": "affected",
"version": "7.2.7"
},
{
"status": "affected",
"version": "7.2.5.2"
},
{
"status": "affected",
"version": "7.3.1.2"
},
{
"status": "affected",
"version": "7.2.8"
},
{
"status": "affected",
"version": "7.6.0"
},
{
"status": "affected",
"version": "7.4.2"
},
{
"status": "affected",
"version": "7.2.8.1"
},
{
"status": "affected",
"version": "7.0.6.3"
},
{
"status": "affected",
"version": "7.4.2.1"
},
{
"status": "affected",
"version": "7.0.7"
},
{
"status": "affected",
"version": "7.4.2.2"
},
{
"status": "affected",
"version": "7.4.2.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Remote Access SSL VPN service for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote attacker that is authenticated as a VPN user to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.\r\n\r\nThis vulnerability is due to incomplete error checking when parsing an HTTP header field value. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted Remote Access SSL VPN service on an affected device. A successful exploit could allow the attacker to cause a DoS condition, which would cause the affected device to reload."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "Improper Validation of Specified Type of Input",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T16:29:29.694Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX"
}
],
"source": {
"advisory": "cisco-sa-asaftd-vpnwebs-dos-hjBhmBsX",
"discovery": "INTERNAL"
},
"title": "Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Remote Access VPN Web Server Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20244",
"datePublished": "2025-08-14T16:29:29.694Z",
"dateReserved": "2024-10-10T19:15:13.238Z",
"dateUpdated": "2025-08-14T19:19:47.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
No CAPEC attack patterns related to this CWE.