Arbitrary Code Execution Vulnerability in Cisco Secure Firewall ASA and FTD Software
CVE-2025-20333

9.9 CRITICAL

Key Information:

Badges

🥇 Trended No. 1 | 📈 Trended | 📈 Score: 16,300 | 👾 Exploit Exists | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2025-20333?

CVE-2025-20333 is a critical security vulnerability affecting Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD) Software. It arises from improper validation of user-supplied input in HTTP(S) requests to the VPN web server component of these devices. The flaw allows authenticated remote attackers who possess valid VPN credentials to send specially crafted HTTP requests that can lead to the execution of arbitrary code on the device.

An attacker could therefore execute malicious code with root privileges, which poses a severe risk because it may lead to complete compromise of the device. Given the role of Cisco ASA and FTD in securing network environments, exploitation of this vulnerability could result in unauthorized access to sensitive data and critical network resources, jeopardizing the security posture of organizations that rely on these systems.

Potential impact of CVE-2025-20333

  1. Complete Device Compromise: An attacker exploiting this vulnerability could gain root access to the affected device, allowing them to take full control, modify configurations, and access sensitive information.

  2. Data Breaches: With arbitrary code execution capabilities, attackers can exfiltrate sensitive information stored on the device or transmitted through it, potentially leading to data breaches that affect customer privacy and organizational integrity.

  3. Network Disruption: The compromised device could be used as a launch point for further attacks against other systems within the network, leading to widespread disruption and additional vulnerabilities being exposed.

CISA has reported CVE-2025-20333

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-20333 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

CISA's recommendation is: The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor’s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Affected Version(s)

Cisco Adaptive Security Appliance (ASA) Software 9.8.1

Cisco Adaptive Security Appliance (ASA) Software 9.8.1.5

Cisco Adaptive Security Appliance (ASA) Software 9.8.1.7

News Articles

Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws

Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers.

2 weeks ago

Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive

Cisco ASA zero-days CVE-2025-20333 and 20362 exploited; CISA issues ED 25-03 for urgent patching.

3 weeks ago

CVSS V3.1

Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • 🥇 Vulnerability reached the number 1 worldwide trending spot

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • 📰 First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved
