⚠ Actively exploited
Added to CISA KEV on 2025-09-25. Federal agencies required to patch by 2025-09-26. Required action: The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor’s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available..

CVE-2025-20362Missing Authorization in Cisco Adaptive Security Appliance Software

CWE-862Missing Authorization17 documents12 sources
Severity
8.6HIGHNVD
CNA9.9VulnCheck9.9CISA9.9
EPSS
46.9%
top 2.32%
CISA KEV
KEV
Added 2025-09-25
Due 2025-09-26
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Cisco Adaptive Security Appliance SoftwareCisco Firepower Threat DefenseCisco Secure Firewall Adaptive Security Appliance Software+1 more
Timeline
PublishedSep 25
KEV addedSep 25
KEV dueSep 26
Latest updateNov 13
CISA Required Action: The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor’s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Description

Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases that are listed in the Fixed Software ["#fs"] section of this advisory. A vulnerability i

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 3.9 | Impact: 4.7

Affected Packages4 packages

NVDcisco/firepower_threat_defense7.0.07.0.8.1+4

🔴Vulnerability Details

3
GHSA
GHSA-wx28-57x9-xv5f: A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FT2025-09-25
CVEList
CVE-2025-20362: Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software2025-09-25
VulnCheck
Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability2025

💥Exploits & PoCs

1
Nuclei
Cisco Secure Firewall ASA & FTD - Authentication Bypass

🔍Detection Rules

1
Suricata
ET WEB_SERVER Cisco ASA/FTD WebVPN Authentication Bypass (CVE-2025-20362)2025-10-06

📋Vendor Advisories

2
CISA
Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability2025-09-25
Cisco
Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability2025-09-25

🕵️Threat Intelligence

8
Bleepingcomputer
CISA warns feds to fully patch actively exploited Cisco flaws2025-11-13
Bleepingcomputer
Cisco: Actively exploited firewall flaws now abused for DoS attacks2025-11-07
Bleepingcomputer
Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws2025-09-30
Unit42
Threat Insights: Active Exploitation of Cisco ASA Zero Days2025-09-26
Bleepingcomputer
CISA orders agencies to patch Cisco flaws exploited in zero-day attacks2025-09-25
CVE-2025-20362 — Missing Authorization in Cisco | cvebase