**Name of the Vulnerable Software and Affected Versions**

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software versions prior to and including v9.22.x, including v9.8.x, v9.12.x, v9.14.x, v9.16.x, v9.17.x, v9.18.x, v9.19.x, and v9.20.x

Cisco Secure Firewall Threat Defense (FTD) Software versions prior to and including v7.7.x, including v7.0.x, v7.2.x, v7.4.x, v7.6.x

**Description**

A flaw exists in the VPN web server of Cisco ASA and FTD Software that could allow a remote attacker with valid VPN user credentials to execute arbitrary code on an affected device. This is due to improper validation of user-supplied input in HTTP(S) requests. Successful exploitation could allow the attacker to execute code as root, potentially leading to a complete system compromise. The vulnerability is actively being exploited by threat actors, including the ArcaneDoor group, to deploy advanced malware and maintain persistence across reboots. As of September 25, 2025, approximately 55,852 Cisco ASA SSL VPN panels were exposed to the internet. The vulnerability is related to the SSL VPN functionality.

**Recommendations**

Update Cisco ASA Software to a version higher than v9.22.x

Update Cisco FTD Software to a version higher than v7.7.x