Tuesday, June 23 2026

Cisco Warns of Actively Exploited ASA and FTD 0-day RCE Vulnerability

Cisco has alerted customers that hackers are exploiting a serious remote code execution flaw in its Secure Firewall ASA and Threat Defense software.
First disclosed on September 25, 2025, the vulnerability tracked as CVE-2025-20333 poses a severe risk to organizations relying on these firewalls for VPN access. With a CVSS score of 9.9, it enables authenticated attackers to run arbitrary code with root privileges, potentially leading to full device compromise.
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.
Affected Products:
Cisco has released software updates to fix this vulnerability. Cisco strongly recommends that customers upgrade to a patched version, as there are no workarounds available.
This advisory is available at the following link:
For more information on the vulnerability that is described in this advisory, see Cisco Event Response: Continued Attacks Against Cisco Firewall Platforms.
