Unrated severityCISA KEVNVD Advisory· Published Sep 25, 2025· Updated Feb 26, 2026
CVE-2025-20333
CVE-2025-20333
Description
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Cisco Systems, Inc./Adaptive Security Appliance Cx Context Aware Security Softwarellm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: 9.8.1
(expand)+ 1 more
- (no CPE)
- (no CPE)range: 6.2.3
Patches
Vulnerability mechanics
References
1News mentions
7- Russian Threat Groups Use RDP, VPN, Supply Chain Attacks, and Social Engineering for Initial AccessCyber Security News · May 22, 2026
- New Cisco DoS flaw requires manual reboot to revive devicesBleepingComputer · May 6, 2026
- ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & MoreThe Hacker News · Apr 27, 2026
- FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security PatchesThe Hacker News · Apr 24, 2026
- It pays to be a forever studentCisco Talos Intelligence · Apr 23, 2026
- UAT-4356's Targeting of Cisco Firepower DevicesCisco Talos Intelligence · Apr 23, 2026
- FIRESTARTER BackdoorCISA Alerts