Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks
Briefly

"Tracked as CVE-2025-20333 (CVSS score of 9.9) and CVE-2025-20362 (CVSS score of 6.5), the bugs impact the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software. The issues, Cisco explains, exist because user-supplied input in HTTP(S) requests is not properly validated, allowing a remote attacker to send crafted requests and execute arbitrary code with root privileges or access a restricted URL without authentication."
"Both vulnerabilities, Cisco notes in a fresh alert, were discovered after it was called in May 2025 to assist with investigating attacks targeting government organizations, in which ASA 5500-X series devices with VPN web services enabled were compromised. 'Attackers were observed to have exploited multiple zero-day vulnerabilities and employed advanced evasion techniques such as disabling logging, intercepting CLI commands, and intentionally crashing devices to prevent diagnostic analysis,' Cisco explains."
Emergency patches address two vulnerabilities in Cisco Secure Firewall ASA and FTD VPN web servers tracked as CVE-2025-20333 (CVSS 9.9) and CVE-2025-20362 (CVSS 6.5). Improper validation of user-supplied HTTP(S) input allows crafted requests to execute arbitrary code with root privileges or to access restricted URLs without authentication. The critical defect requires valid VPN credentials to exploit; the medium-severity flaw does not. The bugs were discovered during investigation of compromises of ASA 5500-X devices used in attacks linked to the ArcaneDoor espionage campaign, where attackers deployed malware, ran commands, and likely exfiltrated data. Evidence suggests device persistence was achieved by tampering with ROM because affected devices lack Secure Boot and a trust anchor, and some indicators point to China-based actors.
Read at SecurityWeek