Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities
TL;DR 📌
Multiple Cisco products are affected by vulnerabilities in the Snort 3 MIME Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or restart, leading to a denial of service. Cisco has released software updates to address these vulnerabilities, but no workarounds are available.
What happened 🕵️‍♂️
Cisco has identified vulnerabilities in the HTTP Multipurpose Internet Mail Extensions (MIME) Decoder within Snort 3, which could be exploited by an unauthenticated remote attacker. These vulnerabilities may lead to the disclosure of sensitive information or cause the Snort 3 Detection Engine to restart unexpectedly, resulting in a denial of service (DoS) condition.
Affected products 🖥️
The following products are affected by these vulnerabilities:
- Open Source Snort 3
- Cisco Secure Firewall Threat Defense Software (if Snort 3 is configured)
- Cisco IOS XE Software (if running a vulnerable release of Unified Threat Defense Snort IPS Engine)
- Cisco Meraki products (specific models listed in the advisory)
- Cisco Cyber Vision
Fixed software 🔧
Upgrade to the first fixed release in your train (or later):
| Release / Product | First Fixed Release | Notes |
|---|---|---|
| 3.x | 3.9.1.0 | |
| 5.2 | Migrate to a fixed release. | |
| 5.3 | Not vulnerable. | |
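A version check against the table above, as an added example (not code from Cisco or the Snort project). It assumes the 3.x row refers to the open source Snort 3 train and that each sensor's `snort -V` banner has been collected as text; the hostnames and banners are constructed sample data.

```python
import re

# First fixed release for the 3.x train, taken from the table above.
FIRST_FIXED_3X = (3, 9, 1, 0)

# `snort -V` prints a banner line such as "Version 3.1.74.0".
_VERSION_RE = re.compile(r"Version\s+(\d+(?:\.\d+){1,3})\b")


def parse_snort_version(banner):
    """Return the version found in `snort -V` output as a 4-tuple of ints, or None."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad 3.9.1 -> (3, 9, 1, 0)


def triage(banner):
    """Classify one sensor's banner against the 3.x row of the table."""
    version = parse_snort_version(banner)
    if version is None:
        return "unknown"   # no version in the output: check the host by hand
    if version[0] != 3:
        return "not-3.x"   # e.g. Snort 2: the 3.x row does not apply
    # Compare numerically: as strings, "3.10" would sort below "3.9".
    return "fixed" if version >= FIRST_FIXED_3X else "upgrade"


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "sensor-a": "   ,,_     -*> Snort++ <*-\n  o\"  )~   Version 3.1.74.0\n",
    "sensor-b": "   ,,_     -*> Snort++ <*-\n  o\"  )~   Version 3.9.1.0\n",
    "sensor-c": "   ,,_     -*> Snort! <*-\n  o\"  )~   Version 2.9.20 GRE (Build 82)\n",
    "sensor-d": "snort: command not found\n",
    "sensor-e": "  o\"  )~   Version 3.10.0.0\n",
}


def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(banner) for host, banner in sorted(inventory.items())}


if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Snort 3 bundled inside Cisco products follows the product's own release train, so this check covers only standalone Snort 3 installs.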
Workarounds 🧯
There are no workarounds available for these vulnerabilities.
Risk in context 🎯
The vulnerabilities present a medium risk (CVSS score of 6.5) due to the potential for information disclosure and denial of service. The attack is remote and requires no authentication, which increases the likelihood of exploitation. Organizations using affected Cisco products should prioritize applying the available patches to mitigate the risks.
Fast facts ⚡
- CVSS Score: 6.5 (Medium)
- Vulnerabilities: CVE-2025-20359 and CVE-2025-20360
- Impact: Information disclosure and denial of service
- Workarounds: None available
- Fixed Software: Available for specific versions of Snort 3 and Cisco Secure Firewall
For leadership 🧭
Cisco has identified medium-severity vulnerabilities in multiple products that could allow unauthorized access to sensitive information or lead to service disruptions. The highest CVSS score is 6.5, indicating a medium risk. The vulnerabilities are exploitable remotely without authentication, increasing exposure risk. Immediate remediation is required through software updates, with patching recommended within 7 days. The operational impact is expected to be minimal, involving a brief maintenance window with no anticipated configuration drift.
Now: Identify affected products and prioritize patching.
Next: Monitor for updates from Cisco regarding fixed software releases.
Later: Review security posture and consider additional protective measures against potential exploitation.