VDB
CVE-2025-20360
CVE-2025-20360
PUBLISHED
CVSS 5.800000190734863 MEDIUM
Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart. This vulnerability is due to a lack of complete error checking when the MIME fields of the HTTP header are parsed. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection to be parsed by Snort 3. A successful exploit could allow the attacker to cause a DoS condition when the Snort 3 Detection Engine unexpectedly restarts.
EPSS 0.08% · 24.3th percentile
Risk Scores
CVSS 3.1
5.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
EPSS Score
0.08%
24.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Secure Firewall Threat Defense (FTD) Software | 7.3.0, 7.3.1.1, 7.4.1 |
| Cisco | Cisco Cyber Vision | 3.0.0, 3.0.2, 3.0.3 |
Exploit Intelligence
- CIRCL seen: CVE-2025-20360 (circl-sighting)
- cisco-sa-snort3-mime-vulns-tTL8PgVH (circl)
Timeline
- Oct 10, 2024 CVE ID Reserved
- Oct 15, 2025 Coalition ESS Score
- Oct 15, 2025 CVE Published
- Oct 16, 2025 EPSS Score
- Oct 17, 2025 Coalition ESS Score
- Oct 22, 2025 EPSS Score
- Oct 28, 2025 EPSS Score
- Nov 3, 2025 EPSS Score
- Nov 9, 2025 EPSS Score
- Nov 10, 2025 Coalition ESS Score
- Nov 15, 2025 EPSS Score
- Nov 18, 2025 Coalition ESS Score