Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass

Source: Cyber Security News

Author: Guru Baran

URL: https://cybersecuritynews.com/cisco-asa-and-ftd-software-0-day-vulnerability/

ONE SENTENCE SUMMARY:

Cisco’s advisory highlights a zero-day exploit chain, combining two vulnerabilities for remote code execution, urging immediate software updates.

MAIN POINTS:

1. Cisco released advisories on zero-day exploits affecting ASA and FTD software.
2. The exploit chain uses vulnerabilities CVE-2025-20362 and CVE-2025-20333.
3. Unauthenticated remote code execution is the primary risk from these exploits.
4. CVE-2025-20362 allows authentication bypass, achieved through path traversal.
5. CVE-2025-20333 is a buffer overflow within the WebVPN file upload process.
6. Attackers can exploit these flaws via unauthorized endpoints.
7. Rapid7 analysis points to memory corruption through crafted HTTP requests.
8. A third vulnerability, CVE-2025-20363, was patched but isn’t actively exploited.
9. Cisco released updates, including ASAv 9.16.4.85, to mitigate threats.
10. Immediate system updates are crucial to prevent potential exploitation.

TAKEAWAYS:

1. Cisco’s firewall products are under active targeted attacks via a zero-day exploit chain.
2. Critical vulnerabilities allow attackers to bypass authentication and execute remote code.
3. Exploits involve a complex two-stage process targeting the WebVPN component.
4. Updating software to the latest versions is crucial for security.
5. Cisco’s security patches provide necessary defenses against active exploits.