CVE-2025-20362
BaseFortify

Publication date: 2025-09-25

Last updated on: 2025-11-06

Assigner: Cisco Systems, Inc.

Description
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases listed in the Fixed Software section of this advisory.

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.
Meta Information
Published: 2025-09-25
Last Modified: 2025-11-06
Generated: 2026-05-07
AI Q&A: 2025-09-25
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
12 associated CPEs (lower bound inclusive, upper bound exclusive)
Vendor | Product | Version range
cisco adaptive_security_appliance_software From 9.12 (inc) to 9.12.4.72 (exc)
cisco adaptive_security_appliance_software From 9.14 (inc) to 9.14.4.28 (exc)
cisco adaptive_security_appliance_software From 9.16 (inc) to 9.16.4.85 (exc)
cisco adaptive_security_appliance_software From 9.17.0 (inc) to 9.18.4.67 (exc)
cisco adaptive_security_appliance_software From 9.19 (inc) to 9.20.4.10 (exc)
cisco adaptive_security_appliance_software From 9.22 (inc) to 9.22.2.14 (exc)
cisco adaptive_security_appliance_software From 9.23 (inc) to 9.23.1.19 (exc)
cisco firepower_threat_defense From 7.0.0 (inc) to 7.0.8.1 (exc)
cisco firepower_threat_defense From 7.1.0 (inc) to 7.2.10.2 (exc)
cisco firepower_threat_defense From 7.3.0 (inc) to 7.4.2.4 (exc)
cisco firepower_threat_defense From 7.6.0 (inc) to 7.6.2.1 (exc)
cisco firepower_threat_defense From 7.7.0 (inc) to 7.7.10.1 (exc)
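A defender-side inventory check built on the affected ranges in the table above, added here as an example (it is not code from Cisco or BaseFortify): it parses a release string in either the CPE dotted form or the ASA display form, zero-pads shorter versions, and reports which inclusive/exclusive range, if any, the release falls in. The CPE product keys, the `show version` first-line format and the sample line are assumptions.

```python
import re

# Affected ranges transcribed from the table on this page:
# (lower bound, inclusive; upper bound, exclusive), keyed by CPE product.
AFFECTED_RANGES = {
    "adaptive_security_appliance_software": [
        ("9.12", "9.12.4.72"), ("9.14", "9.14.4.28"), ("9.16", "9.16.4.85"),
        ("9.17.0", "9.18.4.67"), ("9.19", "9.20.4.10"), ("9.22", "9.22.2.14"),
        ("9.23", "9.23.1.19"),
    ],
    "firepower_threat_defense": [
        ("7.0.0", "7.0.8.1"), ("7.1.0", "7.2.10.2"), ("7.3.0", "7.4.2.4"),
        ("7.6.0", "7.6.2.1"), ("7.7.0", "7.7.10.1"),
    ],
}

def parse_version(text):
    """Numeric components of a release: CPE form '9.18.4.67' or ASA display form '9.18(4)67'."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(p) for p in parts)

def in_range(version, lower, upper):
    """True if lower <= version < upper; shorter tuples are zero-padded ('9.12' -> 9.12.0.0)."""
    v, lo, hi = (parse_version(x) for x in (version, lower, upper))
    width = max(len(v), len(lo), len(hi))
    v, lo, hi = (t + (0,) * (width - len(t)) for t in (v, lo, hi))
    return lo <= v < hi

def affected_range(product, version):
    """Return the (lower, upper) range the release falls in, or None if outside all of them."""
    for lower, upper in AFFECTED_RANGES.get(product, []):
        if in_range(version, lower, upper):
            return (lower, upper)
    return None

def version_from_show_version(first_line):
    """Release token from the first line of ASA 'show version' (assumed: '... Version 9.18(4)50')."""
    m = re.search(r"Version\s+(\S+)", first_line)
    if not m:
        raise ValueError("no 'Version' token in line")
    return m.group(1)

if __name__ == "__main__":
    # Constructed sample line, not captured from a real device.
    line = "Cisco Adaptive Security Appliance Software Version 9.18(4)50"
    rel = version_from_show_version(line)
    print(rel, "->", affected_range("adaptive_security_appliance_software", rel))
```

A release equal to an upper bound (for example 9.18.4.67) is reported as outside the range, matching the table's exclusive upper bounds.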
CWE
CWE-862 (Missing Authorization): The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the VPN web server of Cisco Secure Firewall ASA and FTD Software. It allows an unauthenticated remote attacker to bypass authentication and access restricted URL endpoints by sending specially crafted HTTP(S) requests. The root cause is improper validation of user-supplied input in these requests.

How can this vulnerability impact me?

An attacker exploiting this vulnerability could gain unauthorized access to restricted areas of the VPN web server without needing to authenticate. This could lead to exposure of sensitive information or unauthorized actions within the affected system, potentially compromising confidentiality and integrity.