← Back to CVEs
CVE-2025-20333
CRITICALCISA KEV9.9
Description
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.
CVE Details
CVSS v3.1 Score9.9
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published9/25/2025
Last Modified10/28/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorCisco
ProductSecure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense
Vulnerability NameCisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability
KEV Date Added2025-09-25
Remediation Due Date2025-09-26
Ransomware UseUnknown
Affected Products
cisco:adaptive_security_appliance_softwarecisco:firepower_threat_defense
Weaknesses (CWE)
CWE-120
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB(psirt@cisco.com)
https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20333(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.