CVE-2025-20362:
Cisco Adaptive Security Appliance (ASA) Análisis y mitigación de vulnerabilidades
Vista general
A vulnerability (CVE-2025-20362) was discovered in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. This vulnerability allows an unauthenticated, remote attacker to access restricted URL endpoints related to remote access VPN that should otherwise be inaccessible without authentication. The vulnerability was disclosed on September 25, 2025, and has been actively exploited in the wild (Cisco Advisory).
Técnicas
The vulnerability stems from improper validation of user-supplied input in HTTP(S) requests. It has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. The vulnerability is classified as CWE-862 (Missing Authorization). An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device (Cisco Advisory, NVD).
Impacto
A successful exploitation of this vulnerability allows an attacker to access restricted URLs without authentication. This vulnerability has been observed being chained with CVE-2025-20333 to achieve remote code execution with root-level privileges on affected systems (Rapid7).
Mitigación y soluciones alternativas
Cisco has released software updates that address this vulnerability and strongly recommends that customers upgrade to a fixed software release. There are no workarounds that address this vulnerability. For ASA Software, fixed versions include 9.16.4.85, 9.18.4.67, 9.20.4.10, 9.22.2.14, and 9.23.1.19. For FTD Software, fixed versions include 7.0.8.1, 7.2.10.2, 7.4.2.4, 7.6.2.1, and 7.7.10.1 (Cisco Event Response).
Reacciones de la comunidad
The vulnerability has garnered significant attention from government cybersecurity agencies. The Australian Signals Directorate, Canadian Centre for Cyber Security, UK National Cyber Security Centre (NCSC), and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have all been involved in supporting the investigation of this vulnerability (Cisco Advisory).
Recursos adicionales
Fuente: Este informe se generó utilizando IA
Relacionado Cisco Adaptive Security Appliance (ASA) Vulnerabilidades:
Evaluación gratuita de vulnerabilidades
Compare su postura de seguridad en la nube
Evalúe sus prácticas de seguridad en la nube en 9 dominios de seguridad para comparar su nivel de riesgo e identificar brechas en sus defensas.
Recursos adicionales de Wiz
Obtén una demostración personalizada
¿Listo para ver a Wiz en acción?
"La mejor experiencia de usuario que he visto en mi vida, proporciona una visibilidad completa de las cargas de trabajo en la nube."
"Wiz proporciona un panel único para ver lo que ocurre en nuestros entornos en la nube."
"Sabemos que si Wiz identifica algo como crítico, en realidad lo es."