Date: 2025-09-25

What’s new: Cisco has reported two zero-day vulnerabilities affecting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. These vulnerabilities, CVE-2025-20333 (CVSS score: 9.9) and CVE-2025-20362 (CVSS score: 6.5), are being actively exploited in the wild, allowing attackers to execute arbitrary code and access restricted endpoints without authentication.

Who’s affected

Organizations using Cisco ASA and FTD Software are at risk, particularly those with VPN configurations. The vulnerabilities can be exploited by both authenticated and unauthenticated attackers.

What to do

Patch affected Cisco ASA and FTD Software immediately to mitigate the vulnerabilities.

Follow CISA’s emergency directive ED 25-03 to identify and analyze potential compromises.

Monitor for any signs of exploitation or unusual activity on your network.

Sources