DoS via Infinite Loop in Cisco ASA/FTD DNS NAT Inspection
CVE-2025-20136 Published on August 14, 2025
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability
A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to an infinite loop condition that occurs when a Cisco Secure ASA or Cisco Secure FTD device processes DNS packets with DNS inspection enabled and the device is configured for NAT44, NAT64, or NAT46. An attacker could exploit this vulnerability by sending crafted DNS packets that match a static NAT rule with DNS inspection enabled through an affected device. A successful exploit could allow the attacker to create an infinite loop and cause the device to reload, resulting in a DoS condition.
Vulnerability Analysis
CVE-2025-20136 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH
Weakness Type
What is an Infinite Loop Vulnerability?
The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.
CVE-2025-20136 has been classified to as an Infinite Loop vulnerability or weakness.
Products Associated with CVE-2025-20136
Want to know whenever a new CVE is published for Cisco Adaptive Security Appliance? stack.watch will email you.
Affected Versions
Cisco Adaptive Security Appliance (ASA) Software:- Version 9.12.3 is affected.
- Version 9.8.3 is affected.
- Version 9.12.1 is affected.
- Version 9.8.1 is affected.
- Version 9.12.2 is affected.
- Version 9.8.2.45 is affected.
- Version 9.8.2 is affected.
- Version 9.8.4 is affected.
- Version 9.14.1 is affected.
- Version 9.12.4 is affected.
- Version 9.8.2.26 is affected.
- Version 9.8.2.24 is affected.
- Version 9.8.2.15 is affected.
- Version 9.8.2.14 is affected.
- Version 9.8.2.35 is affected.
- Version 9.8.2.20 is affected.
- Version 9.8.2.8 is affected.
- Version 9.8.2.17 is affected.
- Version 9.8.2.28 is affected.
- Version 9.8.2.33 is affected.
- Version 9.8.2.38 is affected.
- Version 9.8.4.25 is affected.
- Version 9.12.3.2 is affected.
- Version 9.12.3.7 is affected.
- Version 9.8.3.18 is affected.
- Version 9.8.3.14 is affected.
- Version 9.8.4.15 is affected.
- Version 9.8.4.8 is affected.
- Version 9.8.1.7 is affected.
- Version 9.8.3.29 is affected.
- Version 9.14.1.10 is affected.
- Version 9.12.2.5 is affected.
- Version 9.8.4.22 is affected.
- Version 9.12.3.12 is affected.
- Version 9.8.4.7 is affected.
- Version 9.8.4.17 is affected.
- Version 9.8.3.16 is affected.
- Version 9.8.4.20 is affected.
- Version 9.8.3.11 is affected.
- Version 9.12.1.3 is affected.
- Version 9.8.4.3 is affected.
- Version 9.12.2.4 is affected.
- Version 9.8.4.12 is affected.
- Version 9.12.1.2 is affected.
- Version 9.8.3.26 is affected.
- Version 9.8.1.5 is affected.
- Version 9.12.2.9 is affected.
- Version 9.12.3.9 is affected.
- Version 9.8.3.21 is affected.
- Version 9.8.4.10 is affected.
- Version 9.12.2.1 is affected.
- Version 9.12.4.2 is affected.
- Version 9.14.1.6 is affected.
- Version 9.8.3.8 is affected.
- Version 9.14.1.15 is affected.
- Version 9.14.1.19 is affected.
- Version 9.8.4.26 is affected.
- Version 9.12.4.4 is affected.
- Version 9.14.1.30 is affected.
- Version 9.8.4.29 is affected.
- Version 9.12.4.7 is affected.
- Version 9.14.2 is affected.
- Version 9.12.4.8 is affected.
- Version 9.8.4.32 is affected.
- Version 9.12.4.10 is affected.
- Version 9.14.2.4 is affected.
- Version 9.14.2.8 is affected.
- Version 9.12.4.13 is affected.
- Version 9.8.4.33 is affected.
- Version 9.14.2.13 is affected.
- Version 9.8.4.34 is affected.
- Version 9.12.4.18 is affected.
- Version 9.8.4.35 is affected.
- Version 9.14.2.15 is affected.
- Version 9.12.4.24 is affected.
- Version 9.16.1 is affected.
- Version 9.8.4.39 is affected.
- Version 9.14.3 is affected.
- Version 9.12.4.26 is affected.
- Version 9.16.1.28 is affected.
- Version 9.14.3.1 is affected.
- Version 9.12.4.29 is affected.
- Version 9.14.3.9 is affected.
- Version 9.16.2 is affected.
- Version 9.12.4.30 is affected.
- Version 9.16.2.3 is affected.
- Version 9.8.4.40 is affected.
- Version 9.14.3.11 is affected.
- Version 9.12.4.35 is affected.
- Version 9.8.4.41 is affected.
- Version 9.15.1.1 is affected.
- Version 9.14.3.13 is affected.
- Version 9.16.2.7 is affected.
- Version 9.12.4.37 is affected.
- Version 9.14.3.15 is affected.
- Version 9.17.1 is affected.
- Version 9.16.2.11 is affected.
- Version 9.14.3.18 is affected.
- Version 9.16.2.13 is affected.
- Version 9.12.4.39 is affected.
- Version 9.12.4.38 is affected.
- Version 9.8.4.43 is affected.
- Version 9.14.4 is affected.
- Version 9.16.2.14 is affected.
- Version 9.17.1.7 is affected.
- Version 9.12.4.40 is affected.
- Version 9.16.3.3 is affected.
- Version 9.14.4.6 is affected.
- Version 9.16.3 is affected.
- Version 9.16.3.14 is affected.
- Version 9.17.1.9 is affected.
- Version 9.14.4.7 is affected.
- Version 9.12.4.41 is affected.
- Version 9.17.1.10 is affected.
- Version 9.8.4.44 is affected.
- Version 9.18.1 is affected.
- Version 9.12.4.47 is affected.
- Version 9.14.4.12 is affected.
- Version 9.16.3.15 is affected.
- Version 9.18.1.3 is affected.
- Version 9.17.1.11 is affected.
- Version 9.12.4.48 is affected.
- Version 9.14.4.13 is affected.
- Version 9.18.2 is affected.
- Version 9.16.3.19 is affected.
- Version 9.17.1.13 is affected.
- Version 9.12.4.50 is affected.
- Version 9.14.4.14 is affected.
- Version 9.17.1.15 is affected.
- Version 9.8.4.45 is affected.
- Version 9.12.4.52 is affected.
- Version 9.14.4.15 is affected.
- Version 9.16.3.23 is affected.
- Version 9.18.2.5 is affected.
- Version 9.16.4 is affected.
- Version 9.12.4.54 is affected.
- Version 9.14.4.17 is affected.
- Version 9.8.4.46 is affected.
- Version 9.17.1.20 is affected.
- Version 9.18.2.7 is affected.
- Version 9.19.1 is affected.
- Version 9.16.4.9 is affected.
- Version 9.12.4.55 is affected.
- Version 9.18.2.8 is affected.
- Version 9.14.4.22 is affected.
- Version 9.16.4.14 is affected.
- Version 9.8.4.48 is affected.
- Version 9.18.3 is affected.
- Version 9.19.1.5 is affected.
- Version 9.14.4.23 is affected.
- Version 9.12.4.56 is affected.
- Version 9.16.4.18 is affected.
- Version 9.17.1.30 is affected.
- Version 9.19.1.9 is affected.
- Version 9.18.3.39 is affected.
- Version 9.16.4.19 is affected.
- Version 9.12.4.58 is affected.
- Version 9.19.1.12 is affected.
- Version 9.18.3.46 is affected.
- Version 9.16.4.27 is affected.
- Version 9.19.1.18 is affected.
- Version 9.18.3.53 is affected.
- Version 9.18.3.55 is affected.
- Version 9.16.4.38 is affected.
- Version 9.17.1.33 is affected.
- Version 9.12.4.62 is affected.
- Version 9.16.4.39 is affected.
- Version 9.18.3.56 is affected.
- Version 9.20.1 is affected.
- Version 9.16.4.42 is affected.
- Version 9.19.1.22 is affected.
- Version 9.18.4 is affected.
- Version 9.20.1.5 is affected.
- Version 9.18.4.5 is affected.
- Version 9.19.1.24 is affected.
- Version 9.16.4.48 is affected.
- Version 9.18.4.8 is affected.
- Version 9.20.2 is affected.
- Version 9.19.1.27 is affected.
- Version 9.12.4.65 is affected.
- Version 9.16.4.55 is affected.
- Version 9.18.4.22 is affected.
- Version 9.20.2.10 is affected.
- Version 9.16.4.57 is affected.
- Version 9.19.1.28 is affected.
- Version 9.17.1.39 is affected.
- Version 9.12.4.67 is affected.
- Version 9.14.4.24 is affected.
- Version 9.18.4.24 is affected.
- Version 9.20.2.21 is affected.
- Version 9.16.4.61 is affected.
- Version 9.19.1.31 is affected.
- Version 9.18.4.29 is affected.
- Version 9.20.2.22 is affected.
- Version 9.16.4.62 is affected.
- Version 9.18.4.34 is affected.
- Version 9.20.3 is affected.
- Version 9.16.4.67 is affected.
- Version 9.16.4.70 is affected.
- Version 9.18.4.40 is affected.
- Version 9.22.1.1 is affected.
- Version 9.16.4.71 is affected.
- Version 9.20.3.4 is affected.
- Version 9.18.4.47 is affected.
- Version 9.17.1.45 is affected.
- Version 9.19.1.37 is affected.
- Version 9.17.1.46 is affected.
- Version 9.19.1.38 is affected.
- Version 9.22.1.2 is affected.
- Version 6.2.3.14 is affected.
- Version 6.4.0.1 is affected.
- Version 6.2.3.7 is affected.
- Version 6.2.3 is affected.
- Version 6.4.0.2 is affected.
- Version 6.2.3.9 is affected.
- Version 6.2.3.1 is affected.
- Version 6.2.3.2 is affected.
- Version 6.4.0.5 is affected.
- Version 6.2.3.10 is affected.
- Version 6.4.0 is affected.
- Version 6.4.0.3 is affected.
- Version 6.2.3.6 is affected.
- Version 6.4.0.4 is affected.
- Version 6.2.3.15 is affected.
- Version 6.2.3.5 is affected.
- Version 6.2.3.4 is affected.
- Version 6.2.3.3 is affected.
- Version 6.2.3.8 is affected.
- Version 6.4.0.6 is affected.
- Version 6.2.3.11 is affected.
- Version 6.2.3.12 is affected.
- Version 6.2.3.13 is affected.
- Version 6.4.0.7 is affected.
- Version 6.4.0.8 is affected.
- Version 6.6.0 is affected.
- Version 6.4.0.9 is affected.
- Version 6.2.3.16 is affected.
- Version 6.6.0.1 is affected.
- Version 6.6.1 is affected.
- Version 6.4.0.10 is affected.
- Version 6.4.0.11 is affected.
- Version 6.6.3 is affected.
- Version 6.6.4 is affected.
- Version 6.4.0.12 is affected.
- Version 7.0.0 is affected.
- Version 6.2.3.17 is affected.
- Version 7.0.0.1 is affected.
- Version 6.6.5 is affected.
- Version 7.0.1 is affected.
- Version 7.1.0 is affected.
- Version 6.4.0.13 is affected.
- Version 6.6.5.1 is affected.
- Version 6.2.3.18 is affected.
- Version 7.0.1.1 is affected.
- Version 6.4.0.14 is affected.
- Version 7.1.0.1 is affected.
- Version 6.6.5.2 is affected.
- Version 7.0.2 is affected.
- Version 6.4.0.15 is affected.
- Version 7.2.0 is affected.
- Version 7.0.2.1 is affected.
- Version 7.0.3 is affected.
- Version 6.6.7 is affected.
- Version 7.1.0.2 is affected.
- Version 7.2.0.1 is affected.
- Version 7.0.4 is affected.
- Version 7.2.1 is affected.
- Version 7.0.5 is affected.
- Version 6.4.0.16 is affected.
- Version 7.3.0 is affected.
- Version 7.2.2 is affected.
- Version 7.2.3 is affected.
- Version 6.6.7.1 is affected.
- Version 7.3.1 is affected.
- Version 7.1.0.3 is affected.
- Version 7.2.4 is affected.
- Version 7.0.6 is affected.
- Version 7.2.5 is affected.
- Version 7.2.4.1 is affected.
- Version 7.3.1.1 is affected.
- Version 7.4.0 is affected.
- Version 6.4.0.17 is affected.
- Version 7.0.6.1 is affected.
- Version 7.2.5.1 is affected.
- Version 7.4.1 is affected.
- Version 7.2.6 is affected.
- Version 7.0.6.2 is affected.
- Version 7.4.1.1 is affected.
- Version 6.6.7.2 is affected.
- Version 6.4.0.18 is affected.
- Version 7.2.7 is affected.
- Version 7.2.5.2 is affected.
- Version 7.3.1.2 is affected.
- Version 7.2.8 is affected.
- Version 7.6.0 is affected.
- Version 7.4.2 is affected.
- Version 7.2.8.1 is affected.
- Version 7.0.6.3 is affected.
- Version 7.4.2.1 is affected.
- Version 7.2.9 is affected.
Exploit Probability
EPSS
0.06%
Percentile
18.16%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.