Serious vulnerabilities in Cisco Secure Firewall ASA and FTD

Published by
WINMAG Pro Editorial Team
Tue, 24 February 2026, 11:25

What is the risk?

There are three different vulnerabilities involved in active exploitation:

  • The vulnerability identified as CVE-2025-20333 could allow an attacker with valid VPN credentials to execute arbitrary code with root privileges, potentially leading to complete compromise of the device.
  • The vulnerability identified as CVE-2025-20362 could grant an attacker unauthenticated access to a restricted URL upon successful exploitation.
  • The vulnerability identified as CVE-2025-20363 could be exploited by an attacker who sends specially crafted HTTP requests to a targeted web service on an affected device, after obtaining additional system information, bypassing exploit mitigations, or both. Successful exploitation allows arbitrary code execution with root privileges, which could also lead to complete compromise of the device.

Cisco is aware of attempts to exploit these vulnerabilities. There is (currently) no public Proof-of-Concept code (PoC) or exploit available. The National Cyber Security Centre (NCSC) expects that PoCs or exploits will become available very soon. This increases the risk of widespread exploitation.

What can you do?

Cisco has released updates to address the vulnerabilities. Cisco has also published Indicators of Compromise (IoCs), which can be used to investigate whether a system has been compromised, and temporary mitigation steps have been made available. See the attached links:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O

https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks

https://sec.cloudapps.cisco.com/security/center/resources/detection_guide_for_continued_attacks

If your company uses Cisco Secure Firewall ASA (Adaptive Security Appliance) or FTD (Firepower Threat Defense) Software, the Digital Trust Center (DTC) advises you to install the security updates as soon as possible and to check your system for the presence of IoCs. If you are unsure whether you are using this software, check with your IT service provider.

Need help? Engage external expertise with 50% subsidy

Not sure what to do? Or do you lack the knowledge and experience to take appropriate measures? Then contact an IT service provider or supplier. A subsidy for small businesses is available until October 31, 2025. This can reimburse up to 50% of the costs for a significant number of measures to enhance your digital resilience.
