CVE-2025-20136

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software (affected versions not specified)

Description: A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This issue is due to an infinite loop condition that occurs when a device processes DNS packets with DNS inspection enabled and is configured for NAT44, NAT64, or NAT46. An attacker could exploit this by sending crafted DNS packets that match a static NAT rule with DNS inspection enabled. A successful exploit could allow the attacker to create an infinite loop and cause the device to reload, resulting in a DoS condition.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.