Vulnerability in Cisco Secure Firewall VPN Web Server
CVE-2025-20362
Key Information:
- Vendor: Cisco
- CVE Published: 25 September 2025
What is CVE-2025-20362?
CVE-2025-20362 is a significant vulnerability found in the Cisco Secure Firewall's VPN web server, specifically affecting the Adaptive Security Appliance (ASA) and Threat Defense (FTD) Software. This vulnerability arises from improper validation of user-supplied input in HTTP(S) requests, allowing an unauthenticated, remote attacker to access restricted URL endpoints that should require authentication. The exploitation of this defect enables attackers to circumvent security controls, potentially leading to unauthorized access to sensitive information and data within the network. Given the integral role of the Cisco Secure Firewall in network security operations, this vulnerability presents a critical risk for organizations relying on these systems for protecting their network infrastructure.
Potential impact of CVE-2025-20362
- Unauthorized Access to Restricted Resources: Exploiting this vulnerability allows attackers to gain access to sensitive areas of the network without proper authentication, increasing the risk of data breaches and of confidential information being leveraged for malicious purposes.
- Increased Attack Surface: With the potential for remote exploitation, the presence of this vulnerability can expose organizational networks to additional cyber threats, increasing the risk of follow-on attacks or lateral movement within compromised environments.
- Reputation and Compliance Risks: Organizations that fall victim to exploitation of this vulnerability may face reputational damage and compliance issues, particularly in regulated industries, should confidential data be leaked or misused. This can lead to financial penalties, loss of customer trust, and extended recovery efforts post-incident.
CISA has reported CVE-2025-20362
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-20362 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and the vendor's instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.
Affected Version(s)
Cisco Adaptive Security Appliance (ASA) Software 9.8.1
Cisco Adaptive Security Appliance (ASA) Software 9.8.1.5
Cisco Adaptive Security Appliance (ASA) Software 9.8.1.7
EPSS Score
14% chance of being exploited in the next 30 days.
Timeline
- 📰 First article discovered by BleepingComputer
- 👾 Exploit known to exist
- 🦅 CISA Reported
- Vulnerability published
- Vulnerability Reserved