Remote Code Execution Vulnerability in Cisco Secure Firewall and IOS Software
CVE-2025-20363
What is CVE-2025-20363?
CVE-2025-20363 is a serious remote code execution vulnerability identified in multiple Cisco products, including Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, and Cisco IOS Software (including IOS XE and IOS XR). The vulnerability arises from improper validation of user-supplied input in HTTP requests, so a crafted request sent to the device's web services can trigger the weakness. On Cisco ASA and FTD Software the flaw is reachable by an unauthenticated remote attacker; on Cisco IOS-based software it requires an authenticated attacker with low privileges.
If successfully exploited, this vulnerability could permit the execution of arbitrary code with root privileges on the affected device, potentially leading to a complete compromise of the system. This presents a significant risk for organizations running Cisco devices, as it could enable unauthorized access to sensitive data, disruption of services, and use of the device as a foothold for further attacks.
Potential Impact of CVE-2025-20363
- Complete Device Compromise: The vulnerability allows attackers to execute arbitrary code with root access, which can lead to total control over the device. This level of access can facilitate further exploitation, enabling attackers to manipulate configurations, exfiltrate data, or deploy additional malicious software.
- Network Vulnerability: Compromised devices can be leveraged as entry points into the larger network infrastructure. This could lead to lateral movement across the organization's network, potentially exposing more critical systems and sensitive information.
- Service Disruption: Exploiting this vulnerability may lead to significant disruption of services hosted on the compromised devices, potentially affecting the availability of essential security functions, network operations, and overall organizational productivity.
Affected Version(s)
Cisco Adaptive Security Appliance (ASA) Software 9.8.1
Cisco Adaptive Security Appliance (ASA) Software 9.8.1.5
Cisco Adaptive Security Appliance (ASA) Software 9.8.1.7