CVE-2025-20217

EUVD-2025-24850

14.08.2025, 17:15

A vulnerability in the packet inspection functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to incorrect processing of traffic that is inspected by an affected device. An attacker could exploit this vulnerability by sending crafted traffic through the affected device. A successful exploit could allow the attacker to cause the affected device to enter an infinite loop while inspecting traffic, resulting in a DoS condition. The system watchdog will restart the Snort process automatically.

Infinite Loop

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
cisco	CNA	8.6 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
cisco	firepower_threat_defense	7.1.0	CNA
cisco	firepower_threat_defense	7.1.0.1	CNA
cisco	firepower_threat_defense	7.2.0	CNA
cisco	firepower_threat_defense	7.1.0.2	CNA
cisco	firepower_threat_defense	7.2.0.1	CNA
cisco	firepower_threat_defense	7.2.1	CNA
cisco	firepower_threat_defense	7.3.0	CNA
cisco	firepower_threat_defense	7.2.2	CNA
cisco	firepower_threat_defense	7.2.3	CNA
cisco	firepower_threat_defense	7.3.1	CNA
cisco	firepower_threat_defense	7.1.0.3	CNA
cisco	firepower_threat_defense	7.2.4	CNA
cisco	firepower_threat_defense	7.2.5	CNA
cisco	firepower_threat_defense	7.2.4.1	CNA
cisco	firepower_threat_defense	7.3.1.1	CNA
cisco	firepower_threat_defense	7.4.0	CNA
cisco	firepower_threat_defense	7.2.5.1	CNA
cisco	firepower_threat_defense	7.4.1	CNA
cisco	firepower_threat_defense	7.2.6	CNA
cisco	firepower_threat_defense	7.4.1.1	CNA
cisco	firepower_threat_defense	7.2.7	CNA
cisco	firepower_threat_defense	7.2.5.2	CNA
cisco	firepower_threat_defense	7.3.1.2	CNA
cisco	firepower_threat_defense	7.2.8	CNA
cisco	firepower_threat_defense	7.6.0	CNA
cisco	firepower_threat_defense	7.4.2	CNA
cisco	firepower_threat_defense	7.2.8.1	CNA
cisco	firepower_threat_defense	7.4.2.1	CNA
cisco	firepower_threat_defense	7.2.9	CNA

Common Weakness Enumeration

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-dos-SvKhtjgt