VDB
CVE-2025-20339
CVE-2025-20339
PUBLISHED
CVSS 5.800000190734863 MEDIUM
A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to the improper enforcement of the implicit deny all at the end of a configured ACL. An attacker could exploit this vulnerability by attempting to send unauthorized traffic to an interface on an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.
EPSS 0.03% · 10.0th percentile
Risk Scores
CVSS 3.1
5.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
EPSS Score
0.03%
10.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco SD-WAN vEdge Cloud | 20.9.1.1, 20.9.2.3, 20.9.4 |
| Cisco | Cisco SD-WAN vEdge Router | 20.3.7.1, 20.4.2.3, 20.9.2.2 |
Exploit Intelligence
- cisco-sa-defaultacl-pSJk9nVF (circl)
Timeline
- Oct 10, 2024 CVE ID Reserved
- Sep 24, 2025 CVE Published
- Sep 24, 2025 CVE Updated
- Sep 25, 2025 EPSS Score
- Oct 2, 2025 EPSS Score
- Oct 3, 2025 Coalition ESS Score
- Oct 6, 2025 Coalition ESS Score
- Oct 9, 2025 EPSS Score
- Oct 15, 2025 EPSS Score
- Oct 22, 2025 EPSS Score
- Oct 27, 2025 Coalition ESS Score
- Oct 29, 2025 EPSS Score