Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-20183

A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a malicious file onto an endpoint.  The vulnerability is due to improper handling of a crafted range request header. An attacker could exploit this vulnerability by sending an HTTP request with a crafted range request header through the affected device. A successful exploit could allow the attacker to evade the antivirus scanner and download malware onto the endpoint without detection by Cisco Secure Web Appliance.

Published

2025-02-05T17:15:25.527

Last Modified

2025-08-05T19:28:30.367

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.8 (MEDIUM)

Weaknesses

Type: Primary
CWE-20
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	asyncos	11.8.0-414	Yes
Operating System	cisco	asyncos	11.8.0-429	Yes
Operating System	cisco	asyncos	11.8.0-453	Yes
Operating System	cisco	asyncos	11.8.1-023	Yes
Operating System	cisco	asyncos	11.8.3-018	Yes
Operating System	cisco	asyncos	11.8.3-021	Yes
Operating System	cisco	asyncos	11.8.4-004	Yes
Operating System	cisco	asyncos	12.0.1-268	Yes
Operating System	cisco	asyncos	12.0.1-334	Yes
Operating System	cisco	asyncos	12.0.2-004	Yes
Operating System	cisco	asyncos	12.0.2-012	Yes
Operating System	cisco	asyncos	12.0.3-005	Yes
Operating System	cisco	asyncos	12.0.3-007	Yes
Operating System	cisco	asyncos	12.0.4-002	Yes
Operating System	cisco	asyncos	12.0.5-011	Yes
Operating System	cisco	asyncos	12.5.1-011	Yes
Operating System	cisco	asyncos	12.5.1-043	Yes
Operating System	cisco	asyncos	12.5.2-007	Yes
Operating System	cisco	asyncos	12.5.2-011	Yes
Operating System	cisco	asyncos	12.5.3-002	Yes
Operating System	cisco	asyncos	12.5.4-005	Yes
Operating System	cisco	asyncos	12.5.4-011	Yes
Operating System	cisco	asyncos	12.5.5-004	Yes
Operating System	cisco	asyncos	12.5.5-005	Yes
Operating System	cisco	asyncos	12.5.5-008	Yes
Operating System	cisco	asyncos	12.5.6-008	Yes
Operating System	cisco	asyncos	14.0.1-014	Yes
Operating System	cisco	asyncos	14.0.1-040	Yes
Operating System	cisco	asyncos	14.0.1-053	Yes
Operating System	cisco	asyncos	14.0.1-503	Yes
Operating System	cisco	asyncos	14.0.2-012	Yes
Operating System	cisco	asyncos	14.0.3-014	Yes
Operating System	cisco	asyncos	14.0.4-005	Yes
Operating System	cisco	asyncos	14.0.5-007	Yes
Operating System	cisco	asyncos	14.1.0-032	Yes
Operating System	cisco	asyncos	14.1.0-041	Yes
Operating System	cisco	asyncos	14.1.0-047	Yes
Operating System	cisco	asyncos	14.5.0-498	Yes
Operating System	cisco	asyncos	14.5.0-537	Yes
Operating System	cisco	asyncos	14.5.0-673	Yes
Operating System	cisco	asyncos	14.5.1-008	Yes
Operating System	cisco	asyncos	14.5.1-016	Yes
Operating System	cisco	asyncos	14.5.1-510	Yes
Operating System	cisco	asyncos	14.5.1-607	Yes
Operating System	cisco	asyncos	14.5.2-011	Yes
Operating System	cisco	asyncos	14.5.3-033	Yes
Operating System	cisco	asyncos	15.0.0-322	Yes
Operating System	cisco	asyncos	15.0.0-355	Yes
Operating System	cisco	asyncos	15.1.0-287	Yes
Operating System	cisco	asyncos	15.2.0-116	Yes
Operating System	cisco	asyncos	15.2.0-164	Yes
Application	cisco	secure_web_appliance_virtual_s1000v	-	No
Application	cisco	secure_web_appliance_virtual_s100v	-	No
Application	cisco	secure_web_appliance_virtual_s300v	-	No
Application	cisco	secure_web_appliance_virtual_s600v	-	No
Hardware	cisco	secure_web_appliance_s196	-	No
Hardware	cisco	secure_web_appliance_s396	-	No
Hardware	cisco	secure_web_appliance_s696	-	No

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-range-bypass-2BsEHYSu Vendor Advisory ([email protected])