⚠ Actively exploited
Added to CISA KEV on 2025-09-25. Federal agencies required to patch by 2025-09-26. Required action: The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor’s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available..

CVE-2025-20333

CWE-120Classic Buffer OverflowCWE-862Missing Authorization17 documents11 sources
Severity
9.9CRITICAL
EPSS
10.6%
top 6.71%
CISA KEV
KEV
Added 2025-09-25
Due 2025-09-26
Exploit
No known exploits
Affected products
4
Cisco Adaptive Security Appliance SoftwareCisco Firepower Threat DefenseCisco Cisco Secure Firewall Adaptive Security Appliance (asa) Software+1 more
Timeline
PublishedSep 25
KEV addedSep 25
KEV dueSep 26
Latest updateNov 13
CISA Required Action: The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor’s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Description

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful expl

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages4 packages

NVDcisco/firepower_threat_defense7.0.07.0.8.1+3

🔴Vulnerability Details

3
CVEList
CVE-2025-20333: A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FT2025-09-25
GHSA
GHSA-vg93-6w2x-3cvp: A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FT2025-09-25
VulnCheck
Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability2025

🔍Detection Rules

1
Suricata
ET WEB_SERVER Cisco ASA/FTD Authenticated Buffer Overflow (CVE-2025-20333)2025-10-06

📋Vendor Advisories

3
CISA
Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability2025-09-25
Cisco
Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability2025-09-25
CISA
Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability2025-09-25

🕵️Threat Intelligence

8
Bleepingcomputer
CISA warns feds to fully patch actively exploited Cisco flaws2025-11-13
Bleepingcomputer
Cisco: Actively exploited firewall flaws now abused for DoS attacks2025-11-07
Bleepingcomputer
Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws2025-09-30
Unit42
Threat Insights: Active Exploitation of Cisco ASA Zero Days2025-09-26
Bleepingcomputer
CISA orders agencies to patch Cisco flaws exploited in zero-day attacks2025-09-25
CVE-2025-20333 (CRITICAL CVSS 9.9) | A vulnerability in the VPN web serv | cvebase.io