CVE-2025-20362
Cisco Adaptive Security Appliance (ASA) Vulnerability Analysis and Mitigation

Overview

A vulnerability (CVE-2025-20362) was discovered in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. This vulnerability allows an unauthenticated, remote attacker to access restricted URL endpoints related to remote access VPN that should be inaccessible without authentication. The vulnerability was disclosed on September 25, 2025, and is tracked with a CVSS base score of 6.5 (Cisco Advisory).

Technical Details

The vulnerability stems from improper validation of user-supplied input in HTTP(S) requests. The issue is classified as a Missing Authorization vulnerability (CWE-862). The vulnerability affects multiple versions of Cisco ASA Software (versions 9.8.x through 9.23.x) and Cisco FTD Software (versions 6.2.x through 7.7.x). The CVSS score of 6.5 (Medium) reflects the attack vector being network-accessible (AV:N), low attack complexity (AC:L), requiring no privileges (PR:N), and no user interaction (UI:N) (NVD).

Impact

Successful exploitation of this vulnerability allows an attacker to access restricted URLs without authentication. The vulnerability is particularly concerning because it can be chained with other vulnerabilities, specifically CVE-2025-20333, to achieve remote code execution with root privileges on affected devices (Rapid7).

Mitigation and Workarounds

Cisco has released software updates to address this vulnerability and strongly recommends that customers upgrade to a fixed software release. There are no workarounds available for this vulnerability. For ASA Software, fixed versions include 9.16.4.85, 9.18.4.67, 9.20.4.10, 9.22.2.14, and 9.23.1.19. For FTD Software, fixed versions include 7.0.8.1, 7.2.10.2, 7.4.2.4, 7.6.2.1, and 7.7.10.1 (Cisco Event Response).
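To triage a fleet against the fixed releases listed above, the following added example (not Cisco's or this page's own code) compares each device's running version with the fixed release in the same major.minor train. The inventory, hostnames and status labels are constructed for illustration. Because the page's list is not exhaustive, trains it does not mention are reported as "unknown" and must be checked against the Cisco advisory.

```python
import re

# Fixed releases exactly as listed on this page. The page says "include",
# so a train missing here is reported as "unknown", not as safe.
FIXED = {
    "asa": ["9.16.4.85", "9.18.4.67", "9.20.4.10", "9.22.2.14", "9.23.1.19"],
    "ftd": ["7.0.8.1", "7.2.10.2", "7.4.2.4", "7.6.2.1", "7.7.10.1"],
}

def parse_version(text):
    """Turn '9.16(4)85' or '9.16.4.85' into a tuple of ints: (9, 16, 4, 85)."""
    parts = [p for p in re.split(r"[.()]", text.strip()) if p]
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)

def pad(version, width=4):
    """Right-pad with zeros so '7.2.9' compares as 7.2.9.0."""
    return version + (0,) * (width - len(version))

def triage(product, running):
    """Return 'fixed', 'upgrade' or 'unknown' for one device."""
    ver = parse_version(running)
    for fixed in map(parse_version, FIXED[product.lower()]):
        if fixed[:2] == ver[:2]:  # same release train (major.minor)
            return "fixed" if pad(ver) >= pad(fixed) else "upgrade"
    return "unknown"  # train not listed on this page: consult the advisory

# Constructed sample inventory (hypothetical hostnames and versions).
INVENTORY = [
    ("fw-edge-01", "asa", "9.16(4)57"),
    ("fw-edge-02", "asa", "9.18.4.67"),
    ("fw-dc-01", "ftd", "7.2.9"),
    ("fw-lab-01", "asa", "9.12(4)72"),
]

def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```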

Community Reactions

Multiple government agencies, including the Australian Signals Directorate, the Canadian Centre for Cyber Security, the UK National Cyber Security Centre (NCSC), and the U.S. Cybersecurity & Infrastructure Security Agency (CISA), have been involved in investigating and responding to attacks exploiting this vulnerability. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to take immediate action (Cisco Advisory).

Source: This report was generated using AI.

Related Cisco Adaptive Security Appliance (ASA) vulnerabilities:

| CVE ID | Severity | Score | Technologies | Component name | CISA KEV exploit | Has fix | Published date |
|---|---|---|---|---|---|---|---|
| CVE-2025-20333 | CRITICAL | 9.9 | Cisco Adaptive Security Appliance (ASA) | cpe:2.3:a:cisco:firepower_threat_defense | Yes | Yes | Sep 25, 2025 |
| CVE-2025-20363 | CRITICAL | 9 | Cisco Adaptive Security Appliance (ASA) | cpe:2.3:a:cisco:firepower_threat_defense | No | Yes | Sep 25, 2025 |
| CVE-2025-20263 | HIGH | 8.6 | Cisco Adaptive Security Appliance (ASA) | cpe:2.3:a:cisco:firepower_threat_defense | No | Yes | Aug 14, 2025 |
| CVE-2025-20362 | MEDIUM | 6.5 | Cisco Adaptive Security Appliance (ASA) | cpe:2.3:a:cisco:firepower_threat_defense | Yes | Yes | Sep 25, 2025 |
| CVE-2025-20254 | MEDIUM | 5.8 | Cisco Adaptive Security Appliance (ASA) | cpe:2.3:a:cisco:firepower_threat_defense | No | Yes | Aug 14, 2025 |
