Cisco has released a critical security advisory warning customers about a high-severity vulnerability affecting its Secure Firewall Threat Defense software that could allow attackers to disrupt network operations through denial of service attacks.
Critical Vulnerability Details
The vulnerability, designated CVE-2025-20217 and tracked as advisory cisco-sa-ftd-dos-SvKhtjgt, affects the Snort 3 Detection Engine component of Cisco’s Secure Firewall Threat Defense (FTD) Software.
With a CVSS base score of 8.6, the flaw is classified as high severity and was first published on August 14, 2025.
The security issue stems from the incorrect processing of network traffic during packet inspection.
An unauthenticated, remote attacker can exploit this vulnerability by sending specially crafted traffic through affected devices, potentially causing the system to enter an infinite loop during traffic inspection.
This results in a denial of service condition that can disrupt critical network security functions.
Impact and Affected Systems
The vulnerability affects Cisco devices running vulnerable releases of Cisco Secure FTD Software that have intrusion policies enabled with the Snort 3 engine active.
When successfully exploited, the attack causes the affected device to become unresponsive during traffic inspection, though Cisco notes that the system watchdog will automatically restart the Snort process.
Organizations can determine if their systems are vulnerable by checking whether Snort 3 is actively running on their Cisco Secure FTD Software installations.
Only devices with Snort 3 enabled are susceptible to this particular attack vector.
No Workarounds Available
Cisco has confirmed that no workarounds exist to mitigate this vulnerability, making software updates the only viable solution for affected organizations.
The company has released free software updates that completely address the security flaw, and customers with active service contracts can obtain these fixes through their regular update channels.
Several Cisco products remain unaffected by this vulnerability, including Secure Firewall Adaptive Security Appliance (ASA) Software, Secure Firewall Management Center (FMC) Software, and various other security platforms in Cisco’s portfolio.
Response and Recommendations
The vulnerability was discovered during the resolution of a Cisco Technical Assistance Center support case, and the company’s Product Security Incident Response Team reports no evidence of active exploitation or public announcements regarding malicious use of this flaw.
This advisory is part of Cisco’s August 2025 semiannual security advisory bundle for Secure Firewall products. Customers are strongly encouraged to apply the available software updates immediately to protect their network infrastructure from potential attacks.
Organizations without service contracts can contact Cisco’s Technical Assistance Center for upgrade assistance, provided they can demonstrate entitlement through product serial numbers and reference to this security advisory.