CVE-2025-20362

Name of the Vulnerable Software and Affected Versions Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software (affected versions not specified)

Description A security issue exists in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. This flaw allows a remote, unauthenticated attacker to bypass authorization checks and gain access to restricted URLs by sending specially crafted HTTP requests. The vulnerability is actively being exploited, with reports indicating attempted exploitation and real-world attacks. Approximately 34,000 devices are estimated to be vulnerable worldwide. The attacks have been linked to the ArcaneDoor threat actor. Exploitation can lead to unauthorized access to sensitive information and potential system compromise. The vulnerability is chained with CVE-2025-20333.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.