Two critical bugs in Cisco ASA and FTD: score 9.9 and risk of remote code execution – Against Invaders – Notícias de CyberSecurity para humanos.

Redazione RHC: 25 September 2025 19:29

Cisco has disclosed two critical vulnerabilities affecting its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) firewalls, as well as other networking products. Both flaws allow arbitrary code execution and could lead to the complete compromise of affected devices.

CVE-2025-20363 – Code Execution via Web Services

The first vulnerability, identified as CVE-2025-20363 and with a CVSS score of 9.0 (critical), affects the web services of:

  • Cisco Secure Firewall ASA Software
  • Cisco Secure Firewall FTD Software
  • Cisco IOS Software
  • Cisco IOS XE Software
  • Cisco IOS XR Software

Cisco Secure Firewall ASA Software Feature / Possible Vulnerable Configuration:

  • AnyConnect IKEv2 Remote Access (with client services):
      crypto ikev2 enable <interface_name> client-services port <port_number>
  • Mobile User Security (MUS):
      webvpn
       mus password
       mus server enable <port_number>
       mus <IPv4_address> <IPv4_mask> <interface_name>
  • SSL VPN:
      webvpn
       enable

For ASA and FTD firewalls, the flaw can be exploited by an unauthenticated remote attacker. For IOS, IOS XE, and IOS XR platforms, low-privilege credentials are required.

The root of the problem lies in improper input handling in HTTP requests. An attacker can send manipulated packets to the exposed web services of a vulnerable device, allowing them to execute arbitrary code with root privileges. Such a compromise could result in complete system control.

CVE-2025-20333 – VPN Server Vulnerability

The second flaw, classified as CVE-2025-20333, has an even higher CVSS score of 9.9 (critical). It only affects ASA and FTD firewalls when the web VPN server is active.

The flaw, again caused by a failure to validate input in HTTP(S) requests, can be exploited by a remote attacker with valid VPN credentials. The outcome of a successful attack is identical to the previous one: arbitrary code execution as root and potential complete compromise of the device.

Cisco Secure Firewall ASA Software Feature / Possible Vulnerable Configuration:

  • Mobile User Security (MUS):
      webvpn
       mus password
       mus server enable port <port_number>
       mus <IPv4_address> <IPv4_mask> <interface_name>
  • SSL VPN:
      webvpn
       enable

Cisco Advisory and Recommendations

Cisco has published an official security advisory (ID: cisco-sa-asaftd-webvpn-z5xP8EUB, released September 25, 2025) regarding the CVE-2025-20333 vulnerability. Among the main details:

  • Severity: Critical
  • CVSS Score: 9.9 (CVSS v3.1 / AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
  • Cisco Bug ID: CSCwq79831
  • Workaround: None available
  • Advisory Version: 1.0, Final

Devices are vulnerable if they are running an affected release of the ASA or FTD software and have VPN or SSL configurations enabled (for example, AnyConnect IKEv2, Mobile User Security, or SSL VPN).
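The exposure conditions in the two tables above and in the preceding paragraph can be triaged from an ASA running-config before a maintenance window. The following script is an added example, not code from the article or from Cisco; it parses a constructed `show running-config` excerpt and flags the three feature configurations the advisory tables list (AnyConnect IKEv2 client services, MUS, SSL VPN). The hostname, interface names and ports in the sample are invented.

```python
import re

# Constructed sample of ASA running-config output (not from the page or Cisco);
# it deliberately contains all three feature configurations from the tables.
SAMPLE_CONFIG = """\
hostname fw-edge-1
interface GigabitEthernet0/0
 nameif outside
 security-level 0
crypto ikev2 enable outside client-services port 443
webvpn
 enable outside
 mus password *****
 mus server enable port 443
 mus 10.0.0.0 255.255.255.0 inside
 anyconnect enable
"""

# Each check: feature name (as in the advisory tables), whether the command
# sits inside the "webvpn" sub-mode, and a regex for the command itself.
CHECKS = [
    ("AnyConnect IKEv2 Remote Access (client services)", False,
     re.compile(r"^crypto ikev2 enable \S+ client-services\b")),
    ("SSL VPN", True, re.compile(r"^enable\b")),
    ("Mobile User Security (MUS)", True, re.compile(r"^mus server enable\b")),
]


def find_vulnerable_features(config: str) -> dict:
    """Return {feature: [matching config lines]} for the advisory's conditions.

    ASA prints sub-mode commands indented by one space under their parent
    command ("webvpn" here); the next non-indented line ends the sub-mode.
    """
    findings = {}
    parent = None  # last non-indented command; it opens the current sub-mode
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if raw.startswith(" "):
            mode = parent            # indented: inside the parent's sub-mode
        else:
            parent, mode = line, None
        for feature, in_webvpn, pattern in CHECKS:
            expected = "webvpn" if in_webvpn else None
            if mode == expected and pattern.match(line):
                findings.setdefault(feature, []).append(line)
    return findings


if __name__ == "__main__":
    for feature, lines in find_vulnerable_features(SAMPLE_CONFIG).items():
        print(f"{feature}: {lines}")
```

A match only shows that a listed feature is enabled; whether the running release is itself affected still has to be confirmed with the Cisco Software Checker mentioned below.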

Cisco specifies that:

  • No effective workarounds have been identified.
  • Software updates are available that fix the flaw.
  • It is strongly recommended that you update to a fixed release immediately.

Exploit and impact

The Cisco Product Security Incident Response Team (PSIRT) has reported that it is already aware of attempts to actively exploit the VPN server vulnerability. For this reason, the company reiterates the urgency of applying updates.

The vulnerability was discovered during the resolution of a Cisco TAC technical support case, with input from several security agencies, including:

  • Australian Signals Directorate – Australian Cyber Security Centre
  • Canadian Centre for Cyber Security
  • UK National Cyber Security Centre (NCSC)
  • US Cybersecurity & Infrastructure Security Agency (CISA)

Support tools

To check if a specific device is vulnerable, Cisco provides the Cisco Software Checker, which allows you to:

  • Identify advisories that impact a specific release.
  • Locate the first software release that fixes the problem.
  • Determine the release that addresses all known vulnerabilities.

Conclusions

The CVE-2025-20363 and CVE-2025-20333 vulnerabilities pose significant risks to corporate network infrastructure. The ability to execute arbitrary code as root makes affected devices particularly vulnerable to full compromise.

Cisco therefore invites customers to update their ASA and FTD firewalls without delay, following the instructions in the official advisory available at the link:

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
