CVE-2025-20359

Oct. 15, 2025, 5:15 p.m.

6.5
Medium

Description

Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in the logic of buffer handling when the MIME fields of the HTTP header are parsed. This can result in a buffer under-read. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection that is parsed by Snort 3. A successful exploit could allow the attacker to induce one of two possible outcomes: the unexpected restarting of the Snort 3 Detection Engine, which could cause a denial of service (DoS) condition, or information disclosure of sensitive information in the Snort 3 data stream. Due to the under-read condition, it is possible that sensitive information that is not valid connection data could be returned.

Product(s) Impacted

Vendor Product Versions
Cisco
  • Snort
  • 3

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-127
Buffer Under-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a cisco snort 3 / / / / / / /

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH

Tags

psirt@cisco.com
CWE-127
2025-10-15
CVE-2025-20359

CVSS Score

6.5 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: NONE
  • Availability Impact: LOW

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

    View Vector String

Timeline

Published: Oct. 15, 2025, 5:15 p.m.
Last Modified: Oct. 15, 2025, 5:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@cisco.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.