CVE Alert: CVE-2025-20362 - Cisco - Cisco Adaptive Security Appliance (ASA) Software

CVE-2025-20362

MEDIUMExploitation active

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints without authentication that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.

CVSS v3.1 (6.5)

AV NETWORK · AC LOW · PR NONE · UI NONE · S UNCHANGED

Vendor

Cisco, Cisco

Product

Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software

Versions

9.8.1 | 9.8.1.5 | 9.8.1.7 | 9.8.2 | 9.8.2.8 | 9.8.2.14 | 9.8.2.15 | 9.8.2.17 | 9.8.2.20 | 9.8.2.24 | 9.8.2.26 | 9.8.2.28 | 9.8.2.33 | 9.8.2.35 | 9.8.2.38 | 9.8.3.8 | 9.8.3.11 | 9.8.3.14 | 9.8.3.16 | 9.8.3.18 | 9.8.3.21 | 9.8.3 | 9.8.3.26 | 9.8.3.29 | 9.8.4 | 9.8.4.3 | 9.8.4.7 | 9.8.4.8 | 9.8.4.10 | 9.8.4.12 | 9.8.4.15 | 9.8.4.17 | 9.8.2.45 | 9.8.4.25 | 9.8.4.20 | 9.8.4.22 | 9.8.4.26 | 9.8.4.29 | 9.8.4.32 | 9.8.4.33 | 9.8.4.34 | 9.8.4.35 | 9.8.4.39 | 9.8.4.40 | 9.8.4.41 | 9.8.4.43 | 9.8.4.44 | 9.8.4.45 | 9.8.4.46 | 9.8.4.48 | 9.12.1 | 9.12.1.2 | 9.12.1.3 | 9.12.2 | 9.12.2.4 | 9.12.2.5 | 9.12.2.9 | 9.12.3 | 9.12.3.2 | 9.12.3.7 | 9.12.4 | 9.12.3.12 | 9.12.3.9 | 9.12.2.1 | 9.12.4.2 | 9.12.4.4 | 9.12.4.7 | 9.12.4.10 | 9.12.4.13 | 9.12.4.8 | 9.12.4.18 | 9.12.4.24 | 9.12.4.26 | 9.12.4.29 | 9.12.4.30 | 9.12.4.35 | 9.12.4.37 | 9.12.4.38 | 9.12.4.39 | 9.12.4.40 | 9.12.4.41 | 9.12.4.47 | 9.12.4.48 | 9.12.4.50 | 9.12.4.52 | 9.12.4.54 | 9.12.4.55 | 9.12.4.56 | 9.12.4.58 | 9.12.4.62 | 9.12.4.65 | 9.12.4.67 | 9.14.1 | 9.14.1.10 | 9.14.1.6 | 9.14.1.15 | 9.14.1.19 | 9.14.1.30 | 9.14.2 | 9.14.2.4 | 9.14.2.8 | 9.14.2.13 | 9.14.2.15 | 9.14.3 | 9.14.3.1 | 9.14.3.9 | 9.14.3.11 | 9.14.3.13 | 9.14.3.18 | 9.14.3.15 | 9.14.4 | 9.14.4.6 | 9.14.4.7 | 9.14.4.12 | 9.14.4.13 | 9.14.4.14 | 9.14.4.15 | 9.14.4.17 | 9.14.4.22 | 9.14.4.23 | 9.14.4.24 | 9.16.1 | 9.16.1.28 | 9.16.2 | 9.16.2.3 | 9.16.2.7 | 9.16.2.11 | 9.16.2.13 | 9.16.2.14 | 9.16.3 | 9.16.3.3 | 9.16.3.14 | 9.16.3.15 | 9.16.3.19 | 9.16.3.23 | 9.16.4 | 9.16.4.9 | 9.16.4.14 | 9.16.4.18 | 9.16.4.19 | 9.16.4.27 | 9.16.4.38 | 9.16.4.39 | 9.16.4.42 | 9.16.4.48 | 9.16.4.55 | 9.16.4.57 | 9.16.4.61 | 9.16.4.62 | 9.16.4.67 | 9.16.4.70 | 9.16.4.71 | 9.16.4.76 | 9.16.4.82 | 9.16.4.84 | 9.17.1 | 9.17.1.7 | 9.17.1.9 | 9.17.1.10 | 9.17.1.11 | 9.17.1.13 | 9.17.1.15 | 9.17.1.20 | 9.17.1.30 | 9.17.1.33 | 9.17.1.39 | 9.17.1.45 | 9.17.1.46 | 9.18.1 | 9.18.1.3 | 9.18.2 | 9.18.2.5 | 9.18.2.7 | 9.18.2.8 | 9.18.3 | 9.18.3.39 | 9.18.3.46 | 9.18.3.53 | 9.18.3.55 | 9.18.3.56 | 9.18.4 | 9.18.4.5 | 9.18.4.8 | 9.18.4.22 | 9.18.4.24 | 9.18.4.29 | 9.18.4.34 | 9.18.4.40 | 9.18.4.47 | 9.18.4.50 | 9.18.4.52 | 9.18.4.53 | 9.18.4.57 | 9.18.4.66 | 9.19.1 | 9.19.1.5 | 9.19.1.9 | 9.19.1.12 | 9.19.1.18 | 9.19.1.22 | 9.19.1.24 | 9.19.1.27 | 9.19.1.28 | 9.19.1.31 | 9.19.1.37 | 9.19.1.38 | 9.19.1.42 | 9.20.1 | 9.20.1.5 | 9.20.2 | 9.20.2.10 | 9.20.2.21 | 9.20.2.22 | 9.20.3 | 9.20.3.4 | 9.20.3.7 | 9.20.3.9 | 9.20.3.10 | 9.20.3.13 | 9.20.3.16 | 9.20.3.20 | 9.20.4 | 9.20.4.7 | 9.22.1.1 | 9.22.1.3 | 9.22.1.2 | 9.22.1.6 | 9.22.2 | 9.22.2.4 | 9.22.2.9 | 9.22.2.13 | 9.23.1 | 9.23.1.3 | 9.23.1.7 | 9.23.1.13 | 6.2.3 | 6.2.3.1 | 6.2.3.2 | 6.2.3.3 | 6.2.3.4 | 6.2.3.5 | 6.2.3.6 | 6.2.3.7 | 6.2.3.8 | 6.2.3.10 | 6.2.3.11 | 6.2.3.9 | 6.2.3.12 | 6.2.3.13 | 6.2.3.14 | 6.2.3.15 | 6.2.3.16 | 6.2.3.17 | 6.2.3.18 | 6.6.0 | 6.6.0.1 | 6.6.1 | 6.6.3 | 6.6.4 | 6.6.5 | 6.6.5.1 | 6.6.5.2 | 6.6.7 | 6.6.7.1 | 6.6.7.2 | 6.4.0 | 6.4.0.1 | 6.4.0.3 | 6.4.0.2 | 6.4.0.4 | 6.4.0.5 | 6.4.0.6 | 6.4.0.7 | 6.4.0.8 | 6.4.0.9 | 6.4.0.10 | 6.4.0.11 | 6.4.0.12 | 6.4.0.13 | 6.4.0.14 | 6.4.0.15 | 6.4.0.16 | 6.4.0.17 | 6.4.0.18 | 7.0.0 | 7.0.0.1 | 7.0.1 | 7.0.1.1 | 7.0.2 | 7.0.2.1 | 7.0.3 | 7.0.4 | 7.0.5 | 7.0.6 | 7.0.6.1 | 7.0.6.2 | 7.0.6.3 | 7.0.7 | 7.0.8 | 7.1.0 | 7.1.0.1 | 7.1.0.2 | 7.1.0.3 | 7.2.0 | 7.2.0.1 | 7.2.1 | 7.2.2 | 7.2.3 | 7.2.4 | 7.2.4.1 | 7.2.5 | 7.2.5.1 | 7.2.6 | 7.2.7 | 7.2.5.2 | 7.2.8 | 7.2.8.1 | 7.2.9 | 7.2.10 | 7.3.0 | 7.3.1 | 7.3.1.1 | 7.3.1.2 | 7.4.0 | 7.4.1 | 7.4.1.1 | 7.4.2 | 7.4.2.1 | 7.4.2.2 | 7.4.2.3 | 7.6.0 | 7.6.1 | 7.6.2 | 7.7.0 | 7.7.10

CWE

CWE-862, Missing Authorization

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Published

2025-09-25T16:12:35.916Z

Updated

2025-09-25T17:16:50.945Z

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW

AI Summary Analysis

This vulnerability poses a medium-risk but urgent threat due to active exploitation in the wild and its inclusion in the KEV catalog, requiring immediate attention. It matters because unauthenticated attackers can bypass access controls on VPN web servers, potentially exposing sensitive internal resources without credentials, disrupting secure remote access, and undermining perimeter security. Attackers can exploit this remotely without authentication or user interaction, leveraging low-complexity crafted HTTP(S) requests directly over the network, with no privilege requirements and no scope change, making lateral movement less likely without further footholds. Organisations running Cisco ASA or Firepower Threat Defense with VPN web servers exposed to public networks are most vulnerable, particularly where these products enforce critical remote access controls in enterprise settings. Detection should focus on anomalous HTTP(S) requests targeting VPN web interfaces, unexpected access to normally restricted URL endpoints, spikes in unauthenticated GET or POST requests, unusual VPN web session patterns, and correlating external IP addresses with threat intelligence feeds for known exploit attempts. Mitigation requires prompt application of vendor patches designated as priority one due to active exploitation; network-level controls to restrict administrative VPN access; monitoring for suspicious web traffic patterns; and thorough change management to ensure no interruption to critical VPN services during patch deployment.

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee

Patreon

To keep up to date follow us on the below channels.

Tags: cisco, cisco-adaptive-security-appliance-asa-software, cisco-firepower-threat-defense-software, CVE, cve-2025-20362, OSINT, threatintel

CVE Alert: CVE-2025-20362 – Cisco – Cisco Adaptive Security Appliance (ASA) Software

CVE-2025-20362

AI Summary Analysis

CVE Alert: CVE-2025-20333 – Cisco – Cisco Adaptive Security Appliance (ASA) Software