Policy-Based Vulnerability in Cisco AsyncOS Software for Secure Web Appliance
CVE-2025-20183

5.8 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 5 February 2025

Badges: Exploit Exists

Summary

A policy-based vulnerability exists in the Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for the Cisco Secure Web Appliance. The flaw stems from improper handling of crafted HTTP range request headers and can be exploited by an unauthenticated, remote attacker. By sending a specially crafted HTTP request through the affected device, an attacker could bypass the antivirus scanner and deliver malicious files to endpoint systems without detection. This poses a significant risk for organizations that rely on the Cisco Secure Web Appliance for malware protection.

Affected Version(s)

Cisco Secure Web Appliance 11.8.0-453

Cisco Secure Web Appliance 12.5.3-002

Cisco Secure Web Appliance 12.0.3-007

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Exploit known to exist

  • Vulnerability published

  • Vulnerability reserved