CVE-2025-20183

A vulnerability in a policy-based Cisco Application Visibility and Control (AVC) implementation of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to evade the antivirus scanner and download a malicious file onto an endpoint. 

The vulnerability is due to improper handling of a crafted range request header. An attacker could exploit this vulnerability by sending an HTTP request with a crafted range request header through the affected device. A successful exploit could allow the attacker to evade the antivirus scanner and download malware onto the endpoint without detection by Cisco Secure Web Appliance.

Published: Feb 5, 2025
Updated: May 4, 2025
CVE: CVE-2025-20183
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cisco / asyncos	11.8.0-414	11.8.0-414.x
cisco / asyncos	11.8.0-429	11.8.0-429.x
cisco / asyncos	11.8.0-453	11.8.0-453.x
cisco / asyncos	11.8.1-023	11.8.1-023.x
cisco / asyncos	11.8.3-018	11.8.3-018.x
cisco / asyncos	11.8.3-021	11.8.3-021.x
cisco / asyncos	11.8.4-004	11.8.4-004.x
cisco / asyncos	12.0.1-268	12.0.1-268.x
cisco / asyncos	12.0.1-334	12.0.1-334.x
cisco / asyncos	12.0.2-004	12.0.2-004.x
cisco / asyncos	12.0.2-012	12.0.2-012.x
cisco / asyncos	12.0.3-005	12.0.3-005.x
cisco / asyncos	12.0.3-007	12.0.3-007.x
cisco / asyncos	12.0.4-002	12.0.4-002.x
cisco / asyncos	12.0.5-011	12.0.5-011.x
cisco / asyncos	12.5.1-011	12.5.1-011.x
cisco / asyncos	12.5.1-043	12.5.1-043.x
cisco / asyncos	12.5.2-007	12.5.2-007.x
cisco / asyncos	12.5.2-011	12.5.2-011.x
cisco / asyncos	12.5.3-002	12.5.3-002.x
cisco / asyncos	12.5.4-005	12.5.4-005.x
cisco / asyncos	12.5.4-011	12.5.4-011.x
cisco / asyncos	12.5.5-004	12.5.5-004.x
cisco / asyncos	12.5.5-005	12.5.5-005.x
cisco / asyncos	12.5.5-008	12.5.5-008.x
cisco / asyncos	12.5.6-008	12.5.6-008.x
cisco / asyncos	14.0.1-014	14.0.1-014.x
cisco / asyncos	14.0.1-040	14.0.1-040.x
cisco / asyncos	14.0.1-053	14.0.1-053.x
cisco / asyncos	14.0.1-503	14.0.1-503.x
cisco / asyncos	14.0.2-012	14.0.2-012.x
cisco / asyncos	14.0.3-014	14.0.3-014.x
cisco / asyncos	14.0.4-005	14.0.4-005.x
cisco / asyncos	14.0.5-007	14.0.5-007.x
cisco / asyncos	14.1.0-032	14.1.0-032.x
cisco / asyncos	14.1.0-041	14.1.0-041.x
cisco / asyncos	14.1.0-047	14.1.0-047.x
cisco / asyncos	14.5.0-498	14.5.0-498.x
cisco / asyncos	14.5.0-537	14.5.0-537.x
cisco / asyncos	14.5.0-673	14.5.0-673.x
cisco / asyncos	14.5.1-008	14.5.1-008.x
cisco / asyncos	14.5.1-016	14.5.1-016.x
cisco / asyncos	14.5.1-510	14.5.1-510.x
cisco / asyncos	14.5.1-607	14.5.1-607.x
cisco / asyncos	14.5.2-011	14.5.2-011.x
cisco / asyncos	14.5.3-033	14.5.3-033.x
cisco / asyncos	15.0.0-322	15.0.0-322.x
cisco / asyncos	15.0.0-355	15.0.0-355.x
cisco / asyncos	15.1.0-287	15.1.0-287.x
cisco / asyncos	15.2.0-116	15.2.0-116.x
cisco / asyncos	15.2.0-164	15.2.0-164.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-swa-range-bypass-2BsEHYSu

Vulnerability Database

CVE-2025-20183