Ethical Hacking News
Cisco has issued a critical alert about two newly discovered zero-day vulnerabilities in its ASA firewall software, which are being actively exploited in attacks. The company urges customers to upgrade to fixed software releases as soon as possible to remediate these vulnerabilities.
Cisco has issued a critical alert regarding two zero-day vulnerabilities in its Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software. The first vulnerability, CVE-2025-20333, allows authenticated, remote attackers to execute arbitrary code on devices running vulnerable ASA and FTD software. The second vulnerability, CVE-2025-20362, enables remote attackers to access restricted URL endpoints without authentication. A third critical vulnerability (CVE-2025-20363) has also been patched in firewall and Cisco IOS software that can let unauthenticated threat actors execute arbitrary code remotely on unpatched devices.
Cisco, a leading provider of network security solutions, has issued a critical alert to its customers regarding two zero-day vulnerabilities in its Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software. The company's Product Security Incident Response Team (PSIRT) has confirmed that these vulnerabilities are being actively exploited in attacks, posing a significant threat to the security of Cisco's firewall systems.
The first vulnerability, identified as CVE-2025-20333, allows authenticated, remote attackers to execute arbitrary code on devices running vulnerable ASA and FTD software. This means that even authorized users with access to the system can potentially compromise its security by exploiting this vulnerability. The PSIRT has warned customers that they should upgrade to a fixed software release immediately to remediate this vulnerability.
The second vulnerability, identified as CVE-2025-20362, enables remote attackers to access restricted URL endpoints without authentication. This means that an attacker can bypass traditional authentication mechanisms and gain unauthorized access to sensitive areas of the system, potentially leading to data breaches or other security incidents.
In addition to these two zero-day vulnerabilities, Cisco has also patched a third critical vulnerability (CVE-2025-20363) in firewall and Cisco IOS software that can let unauthenticated threat actors execute arbitrary code remotely on unpatched devices. This vulnerability is particularly concerning as it allows attackers to potentially gain full control over the system without being detected.
The PSIRT has thanked several organizations, including the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the UK National Cyber Security Centre (NCSC), and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), for their assistance in investigating these vulnerabilities. GreyNoise, a cybersecurity company that monitors and analyzes threat activity, has also reported detecting large-scale campaigns targeting Cisco ASA login portals and Cisco IOS Telnet/SSH services exposed online.
It's worth noting that cybersecurity companies often detect reconnaissance activity preceding the disclosure of new security vulnerabilities impacting specific products. In this case, BleepingComputer contacted Cisco for comment on the observed malicious activity, but the company has yet to respond.
The discovery of these zero-day vulnerabilities highlights the importance of keeping software up-to-date and patched. It also underscores the need for organizations to have robust security measures in place to detect and respond to potential threats. Cisco's response to this vulnerability is a good example of how companies should proactively address security concerns and provide timely guidance to their customers.
The security landscape continues to evolve, with new vulnerabilities being discovered all the time. It's essential that organizations stay informed about these developments and take steps to protect themselves from emerging threats.
In conclusion, Cisco's warning regarding the exploitation of zero-day vulnerabilities in its ASA firewall software highlights the need for vigilance in maintaining the security of critical systems. Organizations must prioritize proactive measures to prevent these types of attacks and ensure the integrity of their network infrastructure.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-Warns-of-Critical-ASA-Firewall-Zero-Day-Vulnerabilities-Exploited-in-Attacks-ehn.shtml
https://www.bleepingcomputer.com/news/security/cisco-warns-of-asa-firewall-zero-days-exploited-in-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2025-20333
https://www.cvedetails.com/cve/CVE-2025-20333/
https://nvd.nist.gov/vuln/detail/CVE-2025-20362
https://www.cvedetails.com/cve/CVE-2025-20362/
https://nvd.nist.gov/vuln/detail/CVE-2025-20363
https://www.cvedetails.com/cve/CVE-2025-20363/
Published: Thu Sep 25 12:40:39 2025 by llama3.2 3B Q4_K_M
