PT-2025-33323 · Cisco · Cisco Asa+3

Jason Crowder · Published 2025-08-14 · Updated 2025-08-15 · CVE-2025-20225

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions:
Cisco IOS Software (affected versions not specified)
Cisco IOS XE Software (affected versions not specified)
Cisco Adaptive Security Appliance (ASA) Software (affected versions not specified)
Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)

Description: A flaw exists in the Internet Key Exchange Version 2 (IKEv2) feature that may allow a remote attacker to trigger a memory leak, potentially leading to a denial-of-service (DoS) condition. The issue is due to improper processing of IKEv2 packets. In Cisco IOS and IOS XE Software, a successful exploit could cause the device to reload unexpectedly. In Cisco ASA and FTD Software, a successful exploit could lead to partial system memory exhaustion, causing instability and preventing the establishment of new IKEv2 VPN sessions. A manual reboot of the device is required to recover.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2025-10346
CVE-2025-20225

Affected Products

Cisco Asa
Cisco Ftd
Cisco Ios
Cisco Ios Xe