OSPF Protocol Vulnerability in Cisco Secure Firewall ASA and FTD Software
CVE-2026-20025

6.8MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Secure Firewall Adaptive Security Appliance (asa) Software; Cisco Secure Firewall Threat Defense (ftd) Software
Vendor: CVE Published:; 4 March 2026

Badges

👾 Exploit Exists

What is CVE-2026-20025?

A vulnerability exists in the OSPF protocol of Cisco Secure Firewall ASA and FTD Software, allowing an authenticated adjacent attacker to craft specific OSPF link-state update packets. When these packets are sent, they can exploit insufficient input validation, potentially corrupting the heap memory of the device. This exploitation causes the device to unexpectedly reload, leading to a denial of service condition. Successful exploitation requires knowledge of the OSPF secret key, which heightens the risk profile for devices using affected versions.

Affected Version(s)

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.1

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.1.2

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software 9.12.1.3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 4, 2026
Vulnerability published
Mar 4, 2026
Vulnerability Reserved
Oct 8, 2025

CVE-2026-20025 Data

JSON