CRITICAL Cisco Zero-Day (CVE-2025-20333, CVSS 9.9) Under Active Attack: VPN Flaw Allows Root RCE
Do Son 
Cisco has disclosed a zero-day vulnerability affecting its Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. Tracked as CVE-2025-20333 with a CVSS score of 9.9 (Critical), the flaw could allow remote attackers with valid VPN credentials to fully compromise affected devices.
According to Cisco, βA vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device.β
The flaw exists because of improper validation of user-supplied input in HTTP(S) requests. Cisco warns: βA successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.β
Devices running vulnerable versions of ASA or FTD software are at risk if configured with:
- AnyConnect IKEv2 Remote Access (with client services)
- Mobile User Security (MUS)
- SSL VPN
Cisco has confirmed that this vulnerability does not affect Cisco Secure FMC Software.
The Cisco Product Security Incident Response Team (PSIRT) confirmed that this flaw is already being targeted in the wild: βThe Cisco PSIRT is aware of attempted exploitation of this vulnerability.β
This makes CVE-2025-20333 especially urgent, as attackers are actively trying to leverage it for real-world intrusions.
Cisco strongly advises immediate patching: βCisco has released software updates that address this vulnerability. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability.β
Additionally, administrators should review Ciscoβs Threat Detection for VPN Services guidance to help mitigate login authentication attacks and client initiation abuses.
Related Posts:
- Hackers use Cisco Router flaws to attack Iran, 3,500 routers hacked
- Cisco releases patch to fix three high security bugs
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
