【Vulnerability Alert】Two critical security vulnerabilities (CVE-2025-20333 and CVE-2025-20363) have been identified in Cisco firewall systems.

Publish date: 2025-10-03 Update date: 2025-10-03

Source: Ministry of Education Information & Communication Security Contingency Platform


Publication Number: TACERT-ANA-2025093009095959
Publication Time: 2025/09/30 09:13
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/09/30 09:13
Impact Level: Low
[Subject]
【Vulnerability Alert】Two critical security vulnerabilities (CVE-2025-20333 and CVE-2025-20363) have been identified in Cisco firewall systems.

[Content]
Forwarded from TWCERTCC-200-202509-00000015

【CVE-2025-20333】 A critical security vulnerability (CVE-2025-20333, CVSS: 9.9) exists in the VPN web servers of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) software. The vulnerability is caused by improper validation of user-supplied HTTP(S) requests. An authenticated remote attacker holding valid VPN user credentials could exploit this flaw by sending specially crafted HTTP requests to the device, allowing them to execute arbitrary code as root on the affected device.

【CVE-2025-20363】 A critical security vulnerability (CVE-2025-20363, CVSS: 9.0) exists in the web services of Cisco Adaptive Security Appliance (ASA) software, Cisco Firepower Threat Defense (FTD) software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software. The vulnerability is caused by improper validation of user-supplied input in HTTP requests. An attacker could send specially crafted HTTP requests to the web services of an affected device to execute arbitrary code as root, potentially also causing a denial of service on the affected device.

Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform]
1. It is recommended to check the official website for the affected versions to determine whether your system is impacted by this vulnerability: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

2. It is recommended to check the official website for the affected versions to determine whether your system is impacted by this vulnerability: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O

[Recommended Actions]
Apply the fixes according to the remediation instructions released on the official website: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

[Reference]
https://www.twcert.org.tw/tw/cp-169-10411-12ff4-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident.)
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of Education Information & Communication Security Contingency Platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center