The Australian Cyber Security Centre has issued a critical alert following reports that threat actors are targeting multiple vulnerabilities impacting Cisco ASA 5500-X Series models, running Cisco ASA Software or FTD software:
- CVE-2025-20333 (Critical) – A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
- CVE-2025-20363 (Critical) – A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device.
- CVE-2025-20362 (Medium) – A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that should otherwise be inaccessible without authentication.
A number of versions of Cisco software releases are affected, including those within the following ranges:
- Cisco ASA Software releases 9.12 to 9.23x and;
- Cisco FTD Software releases 7.0 to 7.7x.
For further information visit
https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks for specific version details.
Cisco reports active exploitation of these vulnerabilities has been observed globally.
