Patch now! Malicious code attacks on ASA/FTD firewalls from Cisco

Due to current attacks, admins should update Cisco Firewall Adaptive and Security Appliance Secure Firewall Threat Defence.

(Image: solarseven/Shutterstock.com)

Sep 26, 2025 at 12:22 pm CEST

2 min. read

Security

By

Dennis Schirrmacher

Unknown attackers are currently exploiting two vulnerabilities in Cisco Secure Firewall Adaptive Security Appliance (ASA) software and Cisco Secure Firewall Threat Defense (FTD) software. This allows them to gain access to areas that are actually protected or even execute malicious code. Security updates are available.

The extent of the attacks is currently unclear. To find suitable patches, admins must enter certain general conditions in the form fields in the warning messages linked below this article so that the appropriate update is displayed as a result.

Root attacks

The two exploited vulnerabilities (CVE-2025-20333 “critical”, CVE-2025-20362 “moderate”) affect the VPN web server component of ASA and FTD. In both cases, remote attacks are possible, but attackers must already be authenticated to exploit the critical vulnerability.

If an attacker has valid VPN credentials, they can send crafted HTTP(S) requests to vulnerable instances. It is then possible to execute malicious code with root privileges. This usually leads to a complete compromise of systems.

Videos by heise

In the case of the other attacked vulnerability, no authentication is required, and attackers can use an identical attack path to access URL endpoints that are actually sealed off.

Further security updates

The developers have also closed another “critical” vulnerability (CVE-2025-20363) in ASA, FTD, iOS, ISO XE, and IOS XR. Here, too, HTTP requests are not sufficiently checked so that malicious code can reach instances.

Only recently, root vulnerabilities in Cisco's network operating system IOS and IOS XE made the headlines.

List sorted by threat level in descending order: