CVE-2025-20182: 
Cisco Adaptive Security Appliance (ASA) vulnerability analysis and mitigation

A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing affects multiple Cisco products including Adaptive Security Appliance (ASA) Software, Firepower Threat Defense (FTD) Software, IOS Software, and IOS XE Software. The vulnerability (CVE-2025-20182) was disclosed on May 7, 2025, and received a CVSS base score of 8.6 (High). The U.S. National Security Agency (NSA) reported this vulnerability to Cisco (Cisco Advisory).

The vulnerability stems from insufficient input validation when processing IKEv2 messages. It has been assigned CWE-787 (Out-of-bounds Write) classification. The vulnerability received a CVSS v3.1 base score of 8.6 with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H (NVD).

A successful exploit could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability affects devices running vulnerable releases of Cisco ASA, FTD, IOS, or IOS XE Software that have the IKEv2 protocol enabled (Cisco Advisory).

Cisco has released software updates that address this vulnerability. There are no workarounds available that address this vulnerability. Organizations using affected products should apply the appropriate patches as soon as possible. Customers can use the Cisco Software Checker to identify any Cisco Security Advisories that impact specific software releases (Cisco Advisory).

The vulnerability was included in Cisco's semiannual IOS and IOS XE Software Security Advisory Bundled Publication released on May 7, 2025. This bundle contained 20 Cisco Security Advisories describing 26 vulnerabilities in total (SecurityWeek).