You are currently viewing Burning Down the Firewall: Cisco ASA and FTD Under Active Exploitation

Burning Down the Firewall: Cisco ASA and FTD Under Active Exploitation

  • Post author:
  • Reading time:2 mins read

Cisco has issued a warning regarding a new wave of attacks targeting their Secure Firewall Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software. This new attack variant exploits vulnerabilities CVE-2025-20333 and CVE-2025-20362, potentially leading to denial-of-service (DoS) conditions due to unexpected device reloads.

The Vulnerabilities

The threat revolves around two key vulnerabilities:

  • CVE-2025-20333: This is a buffer overflow vulnerability found within the VPN web server component of Cisco’s Secure Firewall ASA and FTD software. When processing crafted HTTP requests, the software fails to properly validate the size of the input, leading to memory corruption and potential code execution.
  • CVE-2025-20362: This vulnerability concerns a missing authorization check, meaning the system doesn’t properly verify user permissions before granting access to certain resources in the same Cisco products. This could provide attackers unauthorized access to restricted URLs.

Cisco has released patches to address these issues, and it is crucial that users apply these updates. The CISA KEV catalog has also included these vulnerabilities, emphasizing their active exploitation.

Impact & Exploit Potential

The impact of these vulnerabilities is significant. According to Cisco, the new attack can cause devices to reload without warning, leading to potential denial-of-service conditions. Cisco has been working with CISA and other government agencies to address these issues.

Mitigation & Recommendations

Given the active exploitation and potential impact of these vulnerabilities, it is imperative to take the following steps:

  • Apply Patches Immediately: Upgrade Cisco Secure Firewall ASA and FTD software to the fixed releases as soon as possible. Refer to Cisco’s security advisory for specific version details.
  • Monitor for Suspicious Activity: Implement robust network monitoring to detect any unusual behavior, such as unexpected reloads, or unauthorized access attempts.
  • Investigate Potential Compromises: If you suspect that your systems may have been compromised, conduct a thorough investigation to identify and remediate any malicious activity.

Instantly Fix Risks with Saner Patch Management

Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.