Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability

Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a missing authorization vulnerability. This vulnerability could be chained with CVE-2025-20333.

Published Sep 25, 2025 · Updated May 16, 2026

Why patchRisk explained in plain English

Worst-case scenarioIf unpatched

A remote attacker, without authentication, can achieve partial data exposure, partial data tampering. Federal agencies are required to remediate by 2025-09-26 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Missing Authorization (CWE-862) vulnerability in Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense. Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases that are listed in the Fixed Software ["#fs"] section of this advisory. A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.

📧

Phishing link

→

🖼

Malicious file

🔓

Server compromised

Am I affected?Quick check

Probably yes if any of these apply:

●Network Security Team

●Firewall Administrators

●IT Security

●Running adaptive security appliance software: 9.12 ≤ v < 9.12.4.72, 9.14 ≤ v < 9.14.4.28, 9.16 ≤ v < 9.16.4.85, 9.17.0 ≤ v < 9.18.4.67, 9.19 ≤ v < 9.20.4.10, 9.22 ≤ v < 9.22.2.14, 9.23 ≤ v < 9.23.1.19; firepower threat defense: 7.0.0 ≤ v < 7.0.8.1, 7.1.0 ≤ v < 7.2.10.2, 7.3.0 ≤ v < 7.4.2.4, 7.6.0 ≤ v < 7.6.2.1, 7.7.0 ≤ v < 7.7.10.1

Real-world incidentsWhat we've seen

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2025-09-25 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2025-09-26.

How to patch

Manual remediation steps

Apply the Vendor Patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.

CISA required action: The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor’s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

References

Vendor advisory: https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks

NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-20362

CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20362

PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

↗ CVE-2025-20362 ↗ NVD ↗ Vendor Advisory