PT-2025-20257 · Cisco · Cisco ASA +3

Published: 2025-05-07 · Updated: 2025-05-07 · CVE-2025-20182

CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified)
Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)
Cisco IOS Software (affected versions not specified)
Cisco IOS XE Software (affected versions not specified)

Description

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This issue is due to insufficient input validation when processing IKEv2 messages. An attacker could exploit this by sending crafted IKEv2 traffic to an affected device, potentially causing the device to reload.

Recommendations

For Cisco Adaptive Security Appliance (ASA) Software, consider temporarily disabling IKEv2 protocol processing until a patch is available.
For Cisco Firepower Threat Defense (FTD) Software, restrict access to IKEv2 traffic to minimize the risk of exploitation.
For Cisco IOS Software, avoid using IKEv2 protocol until the issue is resolved.
For Cisco IOS XE Software, consider disabling IKEv2 message processing as a temporary workaround until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-10331
CVE-2025-20182

Affected Products

Cisco ASA
Cisco FTD
Cisco IOS
Cisco IOS XE