Cisco has released software updates addressing a zero-day vulnerability in the VPN web server of its Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. Tracked as CVE-2025-20362 and rated CVSS 6.5 (Medium severity), the flaw could allow an unauthenticated, remote attacker to reach restricted VPN web server resources without logging in.
Cisco describes the issue as follows: "A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints without authentication that should otherwise be inaccessible without authentication."
The root cause is improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this weakness by sending crafted HTTP requests to the targeted device. "A successful exploit could allow the attacker to access a restricted URL without authentication."
The vulnerability impacts devices running vulnerable releases of ASA or FTD software with certain configurations enabled. Specifically:
- ASA Software may be affected when configured with AnyConnect IKEv2 Remote Access, Mobile User Security (MUS), or SSL VPN.
- FTD Software may be affected when configured with AnyConnect IKEv2 Remote Access or AnyConnect SSL VPN.
Cisco highlights that these remote access VPN features open SSL listen sockets on the device; it is that listening VPN web server that exposes the vulnerable code path, so a device with none of these features configured is not reachable through this flaw.
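The practical question for an operator is whether any of the three exposing features is actually configured. The checker below is an added example, not code from the original article or from Cisco: it takes the text of an ASA/FTD running configuration and reports which of the listed features is enabled. The configuration sample is constructed for the example, and the line patterns it matches (`enable <interface>` under the top-level `webvpn` section for SSL VPN, lines beginning with `mus` in that same section for Mobile User Security, and `crypto ikev2 enable <interface> client-services` for AnyConnect IKEv2 Remote Access) are assumptions about the ASA CLI syntax, so verify them against your own `show running-config` output before relying on the result.

```python
import re
from typing import Dict, List

# Constructed sample of ASA running-config output; not captured from a real device.
SAMPLE_CONFIG = """\
hostname asa-edge-1
interface GigabitEthernet0/0
 nameif outside
 security-level 0
crypto ikev2 enable outside client-services port 443
webvpn
 enable outside
 anyconnect enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev2 ssl-client
"""

# Assumed CLI form for IKEv2 remote access with client services (the SSL listen socket
# that the advisory refers to); the port clause is optional.
IKEV2_RA_RE = re.compile(r"^crypto ikev2 enable (\S+) client-services(?: port (\d+))?", re.M)


def webvpn_block(config: str) -> List[str]:
    """Return the indented lines belonging to the top-level 'webvpn' section.

    Indented 'webvpn' sub-sections under group-policy are ignored on purpose:
    only the global section carries the listener and MUS settings we care about.
    """
    block: List[str] = []
    inside = False
    for line in config.splitlines():
        if inside:
            if line.startswith(" "):
                block.append(line.strip())
                continue
            inside = False
        if line.rstrip() == "webvpn":
            inside = True
    return block


def vpn_exposure(config: str) -> Dict[str, List[str]]:
    """Map each feature named in the advisory to the config lines that enable it."""
    block = webvpn_block(config)
    return {
        # 'enable outside' under webvpn turns on the SSL VPN listener on that interface.
        "ssl_vpn": [l for l in block if re.match(r"enable \S+", l)],
        # Mobile User Security is configured with 'mus ...' lines under webvpn.
        "mus": [l for l in block if l.startswith("mus ")],
        # IKEv2 remote access with client services also brings up an SSL listener.
        "ikev2_remote_access": [m.group(0) for m in IKEV2_RA_RE.finditer(config)],
    }


def is_exposed(config: str) -> bool:
    """True if any of the three exposing features is present in the configuration."""
    return any(vpn_exposure(config).values())


if __name__ == "__main__":
    findings = vpn_exposure(SAMPLE_CONFIG)
    for feature, lines in findings.items():
        status = "ENABLED" if lines else "not configured"
        print(f"{feature:20s} {status}")
        for l in lines:
            print(f"    {l}")
    print("device reachable via VPN web server:", is_exposed(SAMPLE_CONFIG))
```

Run it against `show running-config` output saved from each device; a device that reports no enabled feature still needs the fixed release, but one with any of them reachable from the internet is the one to patch first.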
Notably, the Cisco Product Security Incident Response Team (PSIRT) confirmed that the flaw has already been targeted: "The Cisco PSIRT is aware of attempted exploitation of this vulnerability."
Cisco strongly advises customers to upgrade: "Cisco has released software updates that address this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability."
Additionally, the company recommends enabling enhanced protections: "After installing a fixed release, it is recommended that customers review the Configure Threat Detection for VPN Services section of the Cisco Secure Firewall ASA Firewall CLI Configuration Guide."