Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in the logic of buffer handling when the MIME fields of the HTTP header are parsed. This can result in a buffer under-read. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection that is parsed by Snort 3. A successful exploit could allow the attacker to induce one of two possible outcomes: the unexpected restarting of the Snort 3 Detection Engine, which could cause a denial of service (DoS) condition, or information disclosure of sensitive information in the Snort 3 data stream. Due to the under-read condition, it is possible that sensitive information that is not valid connection data could be returned.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Vendors Products
Cisco
  • Cyber Vision
  • Secure Firewall Threat Defense
  • Utd Snort Ips Engine Software

No data.

No data.

References
Link Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH cve-icon cve-icon
History

Tue, 21 Oct 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Cisco
Cisco cyber Vision
Cisco secure Firewall Threat Defense
Cisco utd Snort Ips Engine Software
Vendors & Products Cisco
Cisco cyber Vision
Cisco secure Firewall Threat Defense
Cisco utd Snort Ips Engine Software

Wed, 15 Oct 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 15 Oct 2025 16:30:00 +0000

Type Values Removed Values Added
Description Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive data or cause the Snort 3 Detection Engine to crash. This vulnerability is due to an error in the logic of buffer handling when the MIME fields of the HTTP header are parsed. This can result in a buffer under-read. An attacker could exploit this vulnerability by sending crafted HTTP packets through an established connection that is parsed by Snort 3. A successful exploit could allow the attacker to induce one of two possible outcomes: the unexpected restarting of the Snort 3 Detection Engine, which could cause a denial of service (DoS) condition, or information disclosure of sensitive information in the Snort 3 data stream. Due to the under-read condition, it is possible that sensitive information that is not valid connection data could be returned.
Title Multiple Cisco Products Snort 3 MIME Information Disclosure or Denial of Service Vulnerability
Weaknesses CWE-127
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2025-10-15T16:17:31.374Z

Updated: 2025-10-15T17:43:38.689Z

Reserved: 2024-10-10T19:15:13.258Z

Link: CVE-2025-20359

cve-icon Vulnrichment

Updated: 2025-10-15T17:43:34.819Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-10-15T17:15:49.230

Modified: 2025-10-16T15:28:59.610

Link: CVE-2025-20359

cve-icon Redhat

No data.