PT-2025-39421 · Cisco · Cisco Secure Firewall ASA +2
Published: 2025-09-25 · Updated: 2025-11-17 · CVE-2025-20362
CVSS v3.1: 8.6 (High)
Base vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software versions prior to the fix included in the patch released in September 2025
Cisco IOS Software versions prior to the fix included in the patch released in September 2025
Cisco IOS XE Software versions prior to the fix included in the patch released in September 2025
Cisco IOS XR Software versions prior to the fix included in the patch released in September 2025
Description
A flaw exists in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. It allows an unauthenticated, remote attacker to bypass authorization controls and access restricted URL endpoints related to remote access VPN functionality. The vulnerability has been actively exploited in attacks, with reports indicating attempted exploitation and compromise of critical infrastructure. Approximately 34,000 devices are estimated to be vulnerable worldwide. The attacks have been linked to the ArcaneDoor threat actor, potentially a Chinese-backed group. Exploitation can lead to unauthorized access, potential espionage, and disruption of network services. The vulnerability is often chained with CVE-2025-20333. Exploitation can also force firewalls into reboot loops.
Recommendations
Update Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software to the latest version released in September 2025.
Update Cisco IOS Software to the latest version released in September 2025.
Update Cisco IOS XE Software to the latest version released in September 2025.
Update Cisco IOS XR Software to the latest version released in September 2025.
Fix
DoS
Missing Authorization
Weakness Enumeration
Related Identifiers
BDU:2025-11751
CVE-2025-20362
Affected Products
Cisco ASA
Cisco Secure Firewall ASA
Cisco Secure Firewall Threat Defense
References · 209
- https://nvd.nist.gov/vuln/detail/CVE-2025-20362 · Security Note
- https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks · Vendor Advisory
- https://bdu.fstec.ru/vul/2025-11751 · Security Note
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW · Vendor Advisory
- https://twitter.com/johndjohnson/status/1973468491844882584 · Twitter Post
- https://t.me/aptreports/22379 · Telegram Post
- https://reddit.com/r/sysadmin/comments/1nqu8wa/cisco_asa_under_fire_urgent_zeroday_duo_actively · Reddit Post
- https://twitter.com/transilienceai/status/1974705523514658883 · Twitter Post
- https://twitter.com/Cloudforce_One/status/1972387788692795424 · Twitter Post
- https://twitter.com/dradisfw/status/1977819142586863674 · Twitter Post
- https://reddit.com/r/cybersecurity/comments/1ow73ik/cisco_asa_zerodays_under_active_exploitation_cisa · Reddit Post
- https://twitter.com/upgradeoptions/status/1988595886260097279 · Twitter Post
- https://t.me/NeKaspersky/4664 · Telegram Post
- https://twitter.com/PVynckier/status/1987528446671564836 · Twitter Post
- https://t.me/aptreports/22383 · Telegram Post