Cisco is once again facing targeted attacks on its security products. Currently, unknown actors are actively exploiting at least two vulnerabilities in the Cisco Secure Firewall Adaptive Security Appliance (ASA) and the Secure Firewall Threat Defense (FTD). According to the company, the vulnerabilities are CVE-2025-20333 (critical) and CVE-2025-20362 (moderate). Security updates are available and should be applied immediately.

Both vulnerabilities affect the VPN web component of the affected products. CVE-2025-20333 is particularly critical: it allows authenticated attackers to send specially crafted HTTPS requests to affected instances. If successful, the attacker can execute malicious code with root privileges – a nightmare for any administrator, as this amounts to a complete takeover of the system. The second vulnerability, CVE-2025-20362, is formally less severe but requires no authentication: protected URL endpoints can be reached via crafted requests. In practice, this could be used, for example, for unauthorized data queries or to prepare further attacks.
Cisco has also closed another critical vulnerability (CVE-2025-20363). In addition to ASA and FTD, it also affects the router and switch operating systems IOS, IOS XE and IOS XR. They all have one thing in common: HTTP requests are not sufficiently validated. As a result, an attacker can inject and execute malicious code here as well. It is currently still unclear how widespread the attacks are or how many systems are affected. However, in view of the attacks already underway, haste is required. In its Security Advisories, Cisco refers to individual update paths: admins must identify and install the appropriate security update based on their specific configuration.
The current wave of attacks shows once again that even security hardware such as firewalls is no guaranteed protection but can itself become an entry point. It is particularly critical that root access to affected systems is possible – in many companies, these firewalls are the last bulwark against external attacks. Those who fail to patch now risk, in the worst case, having their entire infrastructure compromised. Admins should immediately check whether their ASA and FTD systems are affected and install the updates provided. The security of VPN access should also be reviewed and, if necessary, tightened with more restrictive policies. The combination of an authentication bypass and root access is an explosive mixture – and currently a real boon for attackers.
Source: Heise
Read all comments at igor´sLAB Community →