Cisco Firewall Zero-Day Vulnerability
- NOVEMBER 12TH, 2025
- 2min read
Introduction
Cisco has announced a new attack variant. This attack targets devices running Cisco Secure Firewall ASA and FTD Software that have unpatched vulnerabilities known as CVE-2025-20333 and CVE-2025-20362. Exploitation of these vulnerabilities can lead to denial-of-service (DoS) or remote code execution (RCE), emphasizing the need for immediate patching.
The Zero Day Vulnerabilities Explained
CVE-2025-20333: A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
CVE-2025-20362: This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.
Affected Products
- Cisco Secure Firewall Adaptive Security Appliance (ASA)
- Cisco Secure Firewall Threat Defense (FTD)
Recommended Actions
- Verify system versions and confirm updates against Cisco advisories.
- Immediately apply available patches for ASA, FTD.
- Restrict external access to management interfaces until patched.
- Monitor for indicators of compromise (IoCs) associated with RayInitiator and LINE VIPER.
- Enable intrusion prevention and system logging to detect exploit attempts.
Keywords
- Primary: Cisco Firewall zero-day, ASA FTD vulnerability, CVE-2025-20333
- Secondary: CVE-2025-20362, remote code execution (RCE), denial-of-service (DoS), Cisco Secure Firewall patching, VPN web server vulnerability, network security threat
Explore more CIL Advisories
Review Bombing Attacks and Extortion
IntroductionMalicious actors use "review-bombing", a coordinated flood of fake, one-star reviews as an initial step for extortion. This high volume…
NOVEMBER 26TH, 2025
Read More
Synthetic Phishing: AI-Enabled Insider Impersonation
IntroductionThreat actors increasingly use artificial intelligence (AI) to impersonate trusted individuals such as executives, employees, or suppliers within organisations. These…
NOVEMBER 24TH, 2025
Read More
The Silent Security Threat: Data Hoarding
IntroductionThe greatest risk to your organization may be the sheer volume of data we hold, a practice known as Data…
NOVEMBER 19TH, 2025
Read MoreNever miss a CIL Security Advisory
Stay informed with the latest security updates and insights from CIL.
