
Cisco Secure Firewall Snort 3 Detection Engine Vulnerability Enables DoS Attacks

15/08/2025

High-severity security flaw CVE-2025-20217 allows unauthenticated attackers to trigger denial-of-service conditions in Cisco’s widely deployed firewall systems

Cisco has disclosed a high-severity vulnerability in its Secure Firewall Threat Defense (FTD) Software that could allow remote attackers to cause denial-of-service conditions through the Snort 3 Detection Engine.

The vulnerability, tracked as CVE-2025-20217 with a CVSS score of 8.6, was published on August 14, 2025, as part of Cisco’s semiannual security advisory bundle.

The flaw exists in the packet inspection functionality of the Snort 3 Detection Engine, a core component responsible for analyzing and filtering network traffic for threats.

The vulnerability stems from incorrect processing of traffic during packet inspection, creating a critical weakness in devices running vulnerable versions of Cisco Secure FTD Software with Snort 3 enabled.

According to Cisco’s advisory, an unauthenticated, remote attacker can exploit this vulnerability by sending crafted traffic through the affected device.

The improper handling of these specially crafted packets causes the affected device to enter an infinite loop while inspecting traffic, resulting in a denial-of-service condition.

The vulnerability is classified under CWE-835 (Loop with Unreachable Exit Condition), indicating a fundamental flaw in the detection engine’s logic.

Snort 3 Detection Engine Vulnerability

When successfully exploited, the vulnerability causes the Snort process to become trapped in an infinite loop, effectively stopping all traffic inspection until the system watchdog detects the issue and automatically restarts the Snort process. This creates a temporary but significant security gap during which malicious traffic could pass through undetected.
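An added illustration of the CWE-835 weakness class and the watchdog recovery described above, not code from Cisco, Snort or the original article. The article gives no detail of the actual flaw, so the record format, the function names and the `budget` parameter standing in for the watchdog are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record format, for illustration only (not Snort or Cisco code):
 * [type:1][total_len:1][value...], where total_len includes the 2 header bytes. */
enum { WALK_MALFORMED = -1, WALK_STUCK = -2 };

const uint8_t GOOD[]    = { 0x01, 0x03, 0xAA, 0x02, 0x02 };        /* constructed */
const uint8_t CRAFTED[] = { 0x01, 0x03, 0xAA, 0x02, 0x00, 0x00 };  /* constructed */

/* Flawed walker: trusts total_len. When total_len is 0, `off` never advances
 * and the loop condition stays true forever (CWE-835). `budget` stands in for
 * an external watchdog so that this demonstration terminates. */
int walk_flawed(const uint8_t *buf, size_t len, unsigned budget)
{
    size_t off = 0;
    int records = 0;
    while (off + 2 <= len) {
        if (budget-- == 0)
            return WALK_STUCK;      /* the "watchdog" fired */
        off += buf[off + 1];        /* adds 0 on the crafted record */
        records++;
    }
    return records;
}

/* Hardened walker: every iteration must consume at least the header and must
 * stay inside the buffer, so the loop runs at most len / 2 times. */
int walk_hardened(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int records = 0;
    while (off + 2 <= len) {
        size_t rec = buf[off + 1];
        if (rec < 2 || rec > len - off)
            return WALK_MALFORMED;  /* reject instead of spinning */
        off += rec;
        records++;
    }
    return off == len ? records : WALK_MALFORMED;
}

int main(void)
{
    printf("flawed/crafted:   %d\n", walk_flawed(CRAFTED, sizeof CRAFTED, 1000));
    printf("hardened/crafted: %d\n", walk_hardened(CRAFTED, sizeof CRAFTED));
    return 0;
}
```

The hardened loop terminates because each pass is forced to make forward progress, which is the property to look for when reviewing any parser that derives its step size from input.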

The attack requires no authentication and can be executed remotely, making it particularly dangerous for internet-facing Cisco FTD devices. While the system watchdog provides automatic recovery by restarting the Snort process, the temporary loss of inspection capabilities could be exploited by sophisticated attackers to launch coordinated attacks.

The vulnerability impacts Cisco devices running vulnerable releases of Cisco Secure FTD Software with an intrusion policy enabled that has the Snort 3 engine running. Organizations must verify that Snort 3 is actively running on their systems, as the vulnerability cannot be exploited if Snort 3 is not active.

Cisco has confirmed that several products are not affected by this vulnerability, including Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Management Center (FMC) Software, and both Open Source Snort 2 and Snort 3 Software.

Unlike many vulnerabilities, this one has no workaround: Cisco has explicitly stated that none are available. This leaves organizations with only one option: applying the software updates released by Cisco. The company has released free software updates that completely address the vulnerability.

This vulnerability adds to a growing list of security issues affecting Cisco’s firewall and VPN products. Recent months have seen multiple high-severity flaws disclosed, including CVE-2025-20265 (CVSS 10.0) affecting Secure Firewall Management Center and several other denial-of-service vulnerabilities in ASA and FTD products.

Security researchers have noted that Cisco has a history of vulnerabilities in its Snort detection engine and FTD product line, including multiple denial-of-service vulnerabilities related to packet inspection and traffic handling.

While Cisco typically responds with prompt advisories and patches, the recurring nature of these issues underscores the importance of timely patch management for organizations relying on Cisco security products.

As of the publication date, the Cisco Product Security Incident Response Team (PSIRT) reported that it is not aware of any public announcements or malicious use of the vulnerability.

The vulnerability was discovered during the resolution of a Cisco Technical Assistance Center (TAC) support case rather than through external threat intelligence.

Given the remote, unauthenticated nature of the attack vector and the critical role that Cisco FTD devices play in enterprise network security, security experts are advising organizations to prioritize patching efforts.

The temporary loss of traffic inspection capabilities during exploitation could provide attackers with windows of opportunity to infiltrate networks or exfiltrate data undetected.

Organizations using Cisco Secure Firewall Threat Defense Software are strongly advised to immediately assess their exposure using Cisco’s Software Checker tool and apply the available security updates to prevent potential exploitation of this vulnerability.

Source: cybersecuritynews.com
