CVE-2025-20238
CVE-2025-20238
In short
A vulnerability in Cisco Secure Firewall ASA and FTD allows an authenticated administrator to execute arbitrary commands with root privileges due to insufficient input validation. An attacker with valid admin credentials can exploit this by submitting specially crafted input to specific commands.
Technical detail
CWE-1244 insufficiency validation flaw allows authenticated local attackers with administrative credentials to bypass command input filtering and execute arbitrary OS-level commands as root. The attack vector requires valid credentials and interaction with specific vulnerable command handlers; successful exploitation grants complete system compromise at the highest privilege level.
Summary generated and translated by AI from the official description.
A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with root-level privileges. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying operating system as root.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected products
Cisco · Cisco Adaptive Security Appliance (ASA) SoftwareCisco · Cisco Firepower Threat Defense SoftwareWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →