VMVirtualMachine.com

Cisco Firewall, Unified CCX, and ISE Vulnerability Summary (Nov 2025)

By Jude Lindale
Publication Date: 2025-11-17 20:01:00

CVE-2025-20333 and CVE-2025-20362 Details

Cisco disclosed a new active attack variant that exploits the previously known vulnerabilities in Cisco Secure Firewall ASA and FTD software (CVE-2025-20333 and CVE-2025-20362). The variant causes unpatched devices to reboot/reload unexpectedly, creating the conditions needed for a denial of service (DoS) attack.

The critical remote code execution (RCE) vulnerability, CVE-2025-20333, exists in the VPN web server component of Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software. The flaw arises from improper validation of user-supplied input in HTTP(S) requests handled by the VPN web service. An authenticated remote attacker (with valid VPN credentials) can send crafted HTTP requests to execute arbitrary code as root, leading to full device compromise and takeover. Cisco confirmed active exploitation attempts using this new attack variant to trigger unexpected device…
