CVE-2025-20237: Root Priv. Escalation via Cmd. Injection in Cisco ASA/FTD
CVE-2025-20237 Published on August 14, 2025
A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.
Vulnerability Analysis
CVE-2025-20237 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
NONE
Weakness Type
Improper Neutralization of Expression/Command Delimiters
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expression or command delimiters when they are sent to a downstream component. As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions.
Products Associated with CVE-2025-20237
Want to know whenever a new CVE is published for Cisco Adaptive Security Appliance? stack.watch will email you.
Affected Versions
Cisco Adaptive Security Appliance (ASA) Software:- Version 9.8.1 is affected.
- Version 9.8.1.5 is affected.
- Version 9.8.1.7 is affected.
- Version 9.8.2 is affected.
- Version 9.8.2.8 is affected.
- Version 9.8.2.14 is affected.
- Version 9.8.2.15 is affected.
- Version 9.8.2.17 is affected.
- Version 9.8.2.20 is affected.
- Version 9.8.2.24 is affected.
- Version 9.8.2.26 is affected.
- Version 9.8.2.28 is affected.
- Version 9.8.2.33 is affected.
- Version 9.8.2.35 is affected.
- Version 9.8.2.38 is affected.
- Version 9.8.3.8 is affected.
- Version 9.8.3.11 is affected.
- Version 9.8.3.14 is affected.
- Version 9.8.3.16 is affected.
- Version 9.8.3.18 is affected.
- Version 9.8.3.21 is affected.
- Version 9.8.3 is affected.
- Version 9.8.3.26 is affected.
- Version 9.8.3.29 is affected.
- Version 9.8.4 is affected.
- Version 9.8.4.3 is affected.
- Version 9.8.4.7 is affected.
- Version 9.8.4.8 is affected.
- Version 9.8.4.10 is affected.
- Version 9.8.4.12 is affected.
- Version 9.8.4.15 is affected.
- Version 9.8.4.17 is affected.
- Version 9.8.2.45 is affected.
- Version 9.8.4.25 is affected.
- Version 9.8.4.20 is affected.
- Version 9.8.4.22 is affected.
- Version 9.8.4.26 is affected.
- Version 9.8.4.29 is affected.
- Version 9.8.4.32 is affected.
- Version 9.8.4.33 is affected.
- Version 9.8.4.34 is affected.
- Version 9.8.4.35 is affected.
- Version 9.8.4.39 is affected.
- Version 9.8.4.40 is affected.
- Version 9.8.4.41 is affected.
- Version 9.8.4.43 is affected.
- Version 9.8.4.44 is affected.
- Version 9.8.4.45 is affected.
- Version 9.8.4.46 is affected.
- Version 9.8.4.48 is affected.
- Version 9.12.1 is affected.
- Version 9.12.1.2 is affected.
- Version 9.12.1.3 is affected.
- Version 9.12.2 is affected.
- Version 9.12.2.4 is affected.
- Version 9.12.2.5 is affected.
- Version 9.12.2.9 is affected.
- Version 9.12.3 is affected.
- Version 9.12.3.2 is affected.
- Version 9.12.3.7 is affected.
- Version 9.12.4 is affected.
- Version 9.12.3.12 is affected.
- Version 9.12.3.9 is affected.
- Version 9.12.2.1 is affected.
- Version 9.12.4.2 is affected.
- Version 9.12.4.4 is affected.
- Version 9.12.4.7 is affected.
- Version 9.12.4.10 is affected.
- Version 9.12.4.13 is affected.
- Version 9.12.4.8 is affected.
- Version 9.12.4.18 is affected.
- Version 9.12.4.24 is affected.
- Version 9.12.4.26 is affected.
- Version 9.12.4.29 is affected.
- Version 9.12.4.30 is affected.
- Version 9.12.4.35 is affected.
- Version 9.12.4.37 is affected.
- Version 9.12.4.38 is affected.
- Version 9.12.4.39 is affected.
- Version 9.12.4.40 is affected.
- Version 9.12.4.41 is affected.
- Version 9.12.4.47 is affected.
- Version 9.12.4.48 is affected.
- Version 9.12.4.50 is affected.
- Version 9.12.4.52 is affected.
- Version 9.12.4.54 is affected.
- Version 9.12.4.55 is affected.
- Version 9.12.4.56 is affected.
- Version 9.12.4.58 is affected.
- Version 9.12.4.62 is affected.
- Version 9.12.4.65 is affected.
- Version 9.12.4.67 is affected.
- Version 9.14.1 is affected.
- Version 9.14.1.10 is affected.
- Version 9.14.1.6 is affected.
- Version 9.14.1.15 is affected.
- Version 9.14.1.19 is affected.
- Version 9.14.1.30 is affected.
- Version 9.14.2 is affected.
- Version 9.14.2.4 is affected.
- Version 9.14.2.8 is affected.
- Version 9.14.2.13 is affected.
- Version 9.14.2.15 is affected.
- Version 9.14.3 is affected.
- Version 9.14.3.1 is affected.
- Version 9.14.3.9 is affected.
- Version 9.14.3.11 is affected.
- Version 9.14.3.13 is affected.
- Version 9.14.3.18 is affected.
- Version 9.14.3.15 is affected.
- Version 9.14.4 is affected.
- Version 9.14.4.6 is affected.
- Version 9.14.4.7 is affected.
- Version 9.14.4.12 is affected.
- Version 9.14.4.13 is affected.
- Version 9.14.4.14 is affected.
- Version 9.14.4.15 is affected.
- Version 9.14.4.17 is affected.
- Version 9.14.4.22 is affected.
- Version 9.14.4.23 is affected.
- Version 9.14.4.24 is affected.
- Version 9.16.1 is affected.
- Version 9.16.1.28 is affected.
- Version 9.16.2 is affected.
- Version 9.16.2.3 is affected.
- Version 9.16.2.7 is affected.
- Version 9.16.2.11 is affected.
- Version 9.16.2.13 is affected.
- Version 9.16.2.14 is affected.
- Version 9.16.3 is affected.
- Version 9.16.3.3 is affected.
- Version 9.16.3.14 is affected.
- Version 9.16.3.15 is affected.
- Version 9.16.3.19 is affected.
- Version 9.16.3.23 is affected.
- Version 9.16.4 is affected.
- Version 9.16.4.9 is affected.
- Version 9.16.4.14 is affected.
- Version 9.16.4.18 is affected.
- Version 9.16.4.19 is affected.
- Version 9.16.4.27 is affected.
- Version 9.16.4.38 is affected.
- Version 9.16.4.39 is affected.
- Version 9.16.4.42 is affected.
- Version 9.16.4.48 is affected.
- Version 9.16.4.55 is affected.
- Version 9.16.4.57 is affected.
- Version 9.16.4.61 is affected.
- Version 9.16.4.62 is affected.
- Version 9.16.4.67 is affected.
- Version 9.16.4.70 is affected.
- Version 9.16.4.71 is affected.
- Version 9.16.4.76 is affected.
- Version 9.16.4.82 is affected.
- Version 9.17.1 is affected.
- Version 9.17.1.7 is affected.
- Version 9.17.1.9 is affected.
- Version 9.17.1.10 is affected.
- Version 9.17.1.11 is affected.
- Version 9.17.1.13 is affected.
- Version 9.17.1.15 is affected.
- Version 9.17.1.20 is affected.
- Version 9.17.1.30 is affected.
- Version 9.17.1.33 is affected.
- Version 9.17.1.39 is affected.
- Version 9.17.1.45 is affected.
- Version 9.17.1.46 is affected.
- Version 9.18.1 is affected.
- Version 9.18.1.3 is affected.
- Version 9.18.2 is affected.
- Version 9.18.2.5 is affected.
- Version 9.18.2.7 is affected.
- Version 9.18.2.8 is affected.
- Version 9.18.3 is affected.
- Version 9.18.3.39 is affected.
- Version 9.18.3.46 is affected.
- Version 9.18.3.53 is affected.
- Version 9.18.3.55 is affected.
- Version 9.18.3.56 is affected.
- Version 9.18.4 is affected.
- Version 9.18.4.5 is affected.
- Version 9.18.4.8 is affected.
- Version 9.18.4.22 is affected.
- Version 9.18.4.24 is affected.
- Version 9.18.4.29 is affected.
- Version 9.18.4.34 is affected.
- Version 9.18.4.40 is affected.
- Version 9.18.4.47 is affected.
- Version 9.18.4.50 is affected.
- Version 9.18.4.52 is affected.
- Version 9.18.4.53 is affected.
- Version 9.19.1 is affected.
- Version 9.19.1.5 is affected.
- Version 9.19.1.9 is affected.
- Version 9.19.1.12 is affected.
- Version 9.19.1.18 is affected.
- Version 9.19.1.22 is affected.
- Version 9.19.1.24 is affected.
- Version 9.19.1.27 is affected.
- Version 9.19.1.28 is affected.
- Version 9.19.1.31 is affected.
- Version 9.19.1.37 is affected.
- Version 9.19.1.38 is affected.
- Version 9.20.1 is affected.
- Version 9.20.1.5 is affected.
- Version 9.20.2 is affected.
- Version 9.20.2.10 is affected.
- Version 9.20.2.21 is affected.
- Version 9.20.2.22 is affected.
- Version 9.20.3 is affected.
- Version 9.20.3.4 is affected.
- Version 9.20.3.7 is affected.
- Version 9.20.3.9 is affected.
- Version 9.20.3.10 is affected.
- Version 9.20.3.13 is affected.
- Version 9.22.1.1 is affected.
- Version 9.22.1.3 is affected.
- Version 9.22.1.2 is affected.
- Version 9.22.1.6 is affected.
- Version 9.23.1 is affected.
- Version 6.2.3 is affected.
- Version 6.2.3.1 is affected.
- Version 6.2.3.2 is affected.
- Version 6.2.3.3 is affected.
- Version 6.2.3.4 is affected.
- Version 6.2.3.5 is affected.
- Version 6.2.3.6 is affected.
- Version 6.2.3.7 is affected.
- Version 6.2.3.8 is affected.
- Version 6.2.3.10 is affected.
- Version 6.2.3.11 is affected.
- Version 6.2.3.9 is affected.
- Version 6.2.3.12 is affected.
- Version 6.2.3.13 is affected.
- Version 6.2.3.14 is affected.
- Version 6.2.3.15 is affected.
- Version 6.2.3.16 is affected.
- Version 6.2.3.17 is affected.
- Version 6.2.3.18 is affected.
- Version 6.6.0 is affected.
- Version 6.6.0.1 is affected.
- Version 6.6.1 is affected.
- Version 6.6.3 is affected.
- Version 6.6.4 is affected.
- Version 6.6.5 is affected.
- Version 6.6.5.1 is affected.
- Version 6.6.5.2 is affected.
- Version 6.6.7 is affected.
- Version 6.6.7.1 is affected.
- Version 6.6.7.2 is affected.
- Version 6.4.0 is affected.
- Version 6.4.0.1 is affected.
- Version 6.4.0.3 is affected.
- Version 6.4.0.2 is affected.
- Version 6.4.0.4 is affected.
- Version 6.4.0.5 is affected.
- Version 6.4.0.6 is affected.
- Version 6.4.0.7 is affected.
- Version 6.4.0.8 is affected.
- Version 6.4.0.9 is affected.
- Version 6.4.0.10 is affected.
- Version 6.4.0.11 is affected.
- Version 6.4.0.12 is affected.
- Version 6.4.0.13 is affected.
- Version 6.4.0.14 is affected.
- Version 6.4.0.15 is affected.
- Version 6.4.0.16 is affected.
- Version 6.4.0.17 is affected.
- Version 6.4.0.18 is affected.
- Version 7.0.0 is affected.
- Version 7.0.0.1 is affected.
- Version 7.0.1 is affected.
- Version 7.0.1.1 is affected.
- Version 7.0.2 is affected.
- Version 7.0.2.1 is affected.
- Version 7.0.3 is affected.
- Version 7.0.4 is affected.
- Version 7.0.5 is affected.
- Version 7.0.6 is affected.
- Version 7.0.6.1 is affected.
- Version 7.0.6.2 is affected.
- Version 7.0.6.3 is affected.
- Version 7.0.7 is affected.
- Version 7.1.0 is affected.
- Version 7.1.0.1 is affected.
- Version 7.1.0.2 is affected.
- Version 7.1.0.3 is affected.
- Version 7.2.0 is affected.
- Version 7.2.0.1 is affected.
- Version 7.2.1 is affected.
- Version 7.2.2 is affected.
- Version 7.2.3 is affected.
- Version 7.2.4 is affected.
- Version 7.2.4.1 is affected.
- Version 7.2.5 is affected.
- Version 7.2.5.1 is affected.
- Version 7.2.6 is affected.
- Version 7.2.7 is affected.
- Version 7.2.5.2 is affected.
- Version 7.2.8 is affected.
- Version 7.2.8.1 is affected.
- Version 7.2.9 is affected.
- Version 7.3.0 is affected.
- Version 7.3.1 is affected.
- Version 7.3.1.1 is affected.
- Version 7.3.1.2 is affected.
- Version 7.4.0 is affected.
- Version 7.4.1 is affected.
- Version 7.4.1.1 is affected.
- Version 7.4.2 is affected.
- Version 7.4.2.1 is affected.
- Version 7.4.2.2 is affected.
- Version 7.6.0 is affected.
- Version 7.7.0 is affected.
Exploit Probability
EPSS
0.01%
Percentile
0.84%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.