CVE-2025-20252

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software (affected versions not specified)

Description: A vulnerability exists in the Internet Key Exchange Version 2 (IKEv2) module that could allow a remote, unauthenticated attacker to trigger a memory leak, leading to a denial of service (DoS) condition. This issue is caused by improper parsing of IKEv2 packets. An attacker could exploit this by sending a continuous stream of crafted IKEv2 packets to an affected device, potentially exhausting system memory and causing instability, such as the inability to establish new IKEv2 VPN sessions. A manual reboot of the device is required to recover.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.