CVE-2025-20268 Information

Aug 15, 2025 cve

Description

A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated remote attacker to bypass configured policies to allow or deny HTTP connections based on a country or region.

This vulnerability exists because the URL string is not fully parsed. An attacker could exploit this vulnerability by sending a crafted HTTP connection through the targeted device. A successful exploit could allow the attacker to bypass configured policies and gain access to a network where the connection should have been denied.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-ravpn-geobypass-9h38M37Z

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

5.8

CNNVD-202508-1706 (Published: 2025-08-14)

Share on:

CVE-2025-20268 Information

Description

CVSS Vector

Reference

Attack Complexity

Privileges Required

User Interaction Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Base Severity

Related CNNVD