CVE-2025-20333

Warnung

Medienbericht

EPSS 1.03%
Veröffentlicht 25.09.2025 16:15:32
Zuletzt bearbeitet 26.09.2025 14:08:43
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device.

 This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.

Betroffene Produkte Warnungen 2 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Adaptive Security Appliance Software Version >= 9.12 < 9.12.4.72

Cisco ≫ Adaptive Security Appliance Software Version >= 9.14 < 9.14.4.28

Cisco ≫ Adaptive Security Appliance Software Version >= 9.16 < 9.16.4.85

Cisco ≫ Adaptive Security Appliance Software Version >= 9.17.0 < 9.17.1.45

Cisco ≫ Adaptive Security Appliance Software Version >= 9.18 < 9.18.4.47

Cisco ≫ Adaptive Security Appliance Software Version >= 9.19 < 9.19.1.37

Cisco ≫ Adaptive Security Appliance Software Version >= 9.20 < 9.20.3.7

Cisco ≫ Adaptive Security Appliance Software Version >= 9.22 < 9.22.1.3

Cisco ≫ Firepower Threat Defense Version >= 7.0.0 < 7.0.8.1

Cisco ≫ Firepower Threat Defense Version >= 7.1.0 < 7.2.9

Cisco ≫ Firepower Threat Defense Version >= 7.3.0 < 7.4.2.4

Cisco ≫ Firepower Threat Defense Version7.6.0

25.09.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability

Schwachstelle

Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362.

Beschreibung

The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor’s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available.

Erforderliche Maßnahmen

26.09.2025: CERT.at Warnung

https://www.cert.at/de/warnungen/2025/9/schwerwiegende-sicherheitslucken-in-cisco-adaptive-security-appliance-aktiv-ausgenutzt-updates-verfugbar

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.03%	0.767

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.heise.de/news/Jetzt-patchen-Schadcode-Attacken-auf-ASA-FTD-Firewalls-von-Cisco-10671410.html

Medienbericht

heise Security

https://www.heise.de/news/Laufende-Attacken-Ueber-2300-Cisco-Firewalls-in-Deutschland-noch-verwundbar-10695773.html

Medienbericht

heise Security

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-20333

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-20333

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-20333

EUVD