CVE-2025-20183
05.02.2025, 17:15
A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a malicious file onto an endpoint. The vulnerability is due to improper handling of a crafted range request header. An attacker could exploit this vulnerability by sending an HTTP request with a crafted range request header through the affected device. A successful exploit could allow the attacker to evade the antivirus scanner and download malware onto the endpoint without detection by Cisco Secure Web Appliance.Enginsight
| Vendor | Product | Version |
|---|---|---|
| cisco | asyncos | 11.8.0-414 |
| cisco | asyncos | 11.8.0-429 |
| cisco | asyncos | 11.8.0-453 |
| cisco | asyncos | 11.8.1-023 |
| cisco | asyncos | 11.8.3-018 |
| cisco | asyncos | 11.8.3-021 |
| cisco | asyncos | 11.8.4-004 |
| cisco | asyncos | 12.0.1-268 |
| cisco | asyncos | 12.0.1-334 |
| cisco | asyncos | 12.0.2-004 |
| cisco | asyncos | 12.0.2-012 |
| cisco | asyncos | 12.0.3-005 |
| cisco | asyncos | 12.0.3-007 |
| cisco | asyncos | 12.0.4-002 |
| cisco | asyncos | 12.0.5-011 |
| cisco | asyncos | 12.5.1-011 |
| cisco | asyncos | 12.5.1-043 |
| cisco | asyncos | 12.5.2-007 |
| cisco | asyncos | 12.5.2-011 |
| cisco | asyncos | 12.5.3-002 |
| cisco | asyncos | 12.5.4-005 |
| cisco | asyncos | 12.5.4-011 |
| cisco | asyncos | 12.5.5-004 |
| cisco | asyncos | 12.5.5-005 |
| cisco | asyncos | 12.5.5-008 |
| cisco | asyncos | 12.5.6-008 |
| cisco | asyncos | 14.0.1-014 |
| cisco | asyncos | 14.0.1-040 |
| cisco | asyncos | 14.0.1-053 |
| cisco | asyncos | 14.0.1-503 |
| cisco | asyncos | 14.0.2-012 |
| cisco | asyncos | 14.0.3-014 |
| cisco | asyncos | 14.0.4-005 |
| cisco | asyncos | 14.0.5-007 |
| cisco | asyncos | 14.1.0-032 |
| cisco | asyncos | 14.1.0-041 |
| cisco | asyncos | 14.1.0-047 |
| cisco | asyncos | 14.5.0-498 |
| cisco | asyncos | 14.5.0-537 |
| cisco | asyncos | 14.5.0-673 |
| cisco | asyncos | 14.5.1-008 |
| cisco | asyncos | 14.5.1-016 |
| cisco | asyncos | 14.5.1-510 |
| cisco | asyncos | 14.5.1-607 |
| cisco | asyncos | 14.5.2-011 |
| cisco | asyncos | 14.5.3-033 |
| cisco | asyncos | 15.0.0-322 |
| cisco | asyncos | 15.0.0-355 |
| cisco | asyncos | 15.1.0-287 |
| cisco | asyncos | 15.2.0-116 |
| cisco | asyncos | 15.2.0-164 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration