Latest Cisco firewall vulnerabilities #

Cisco has disclosed three vulnerabilities on certain versions of Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD) software. There is evidence that these vulnerabilities (CVE-2025-20333, CVE-2025-20362) are being actively exploited in the wild.

  • A vulnerability in the VPN web server of Cisco ASA and Cisco FTD software could allow an authenticated, remote adversary to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An adversary with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the adversary to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device. This vulnerability has been designated CVE-2025-20333 and has been rated critical with a CVSS score of 9.9.
  • A vulnerability in the web services of Cisco ASA, Cisco FTD, Cisco IOS, Cisco IOS XE, and Cisco IOS XR software could allow an unauthenticated, remote adversary (Cisco ASA and FTD) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR) with low user privileges to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An adversary could exploit this vulnerability by sending crafted HTTP requests to a targeted web service on an affected device after obtaining additional information about the system, overcoming exploit mitigations, or both. A successful exploit could allow the adversary to execute arbitrary code as root, which may lead to the complete compromise of the affected device. This vulnerability has been designated CVE-2025-20363 and has been rated critical with a CVSS score of 9.0.
  • A vulnerability in the VPN web server of Cisco ASA and Cisco FTD software could allow an unauthenticated, remote adversary to access restricted URL endpoints without authentication that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An adversary could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the adversary to access a restricted URL without authentication. This vulnerability has been designated CVE-2025-20362 and has been rated medium with a CVSS score of 6.5.

The following versions are affected

    What is the impact? #

    Successful exploitation of the vulnerability would allow an adversary to execute arbitrary code on the vulnerable host, potentially leading to complete system compromise.

    Are updates or workarounds available? #

    Users are encouraged to update to the latest version as quickly as possible:

    How to find potentially vulnerable systems with runZero #

    From the Asset Inventory, use the following query to locate potentially impacted assets:

    (os:="Cisco Adaptive Security Appliance" OR hw:="Cisco ASA%") AND (protocol:http OR protocol:tls)

    Written by Matthew Kienow

    Matthew Kienow is a software engineer and security researcher. Matthew previously worked on the Recog recognition framework, AttackerKB as well as Metasploit's MSF 5 APIs. He has also designed, built, and successfully deployed many secure software solutions; however, often he enjoys breaking them instead. He has presented his research at various security conferences including DerbyCon, Hack In Paris, and CarolinaCon. His research has been cited by CSO, Threatpost and SC Magazine.

    More about Matthew Kienow
    Subscribe Now

    Get the latest news and expert insights delivered in your inbox.

    Welcome to the club! Your subscription to our newsletter is successful.

    See Results in Minutes

    See & secure your total attack surface. Even the unknowns & unmanageable.