PT-2025-39420 · Cisco · Cisco Secure Firewall Adaptive Security Appliance (ASA) and two further products
Published: 2025-09-25 · Updated: 2026-03-20 · CVE-2025-20333
CVSS v3.1: 9.9 (Critical) | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software: all versions up to and including v9.22.x, including the v9.8.x, v9.12.x, v9.14.x, v9.16.x, v9.17.x, v9.18.x, v9.19.x, and v9.20.x release trains
Cisco Secure Firewall Threat Defense (FTD) Software: all versions up to and including v7.7.x, including the v7.0.x, v7.2.x, v7.4.x, and v7.6.x release trains
Description
A flaw exists in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. The issue stems from improper validation of user-supplied input in HTTP(S) requests: data is copied into a buffer without a size check, so it can overflow. Successful exploitation could allow an authenticated, remote attacker to execute arbitrary code as root, potentially leading to a complete system compromise. Approximately 55,852 systems are currently exposed on the internet. This vulnerability is actively being exploited by threat actors, including state-sponsored groups, to deploy malware such as RayInitiator and LINE VIPER. The vulnerability is triggered by crafted HTTP requests sent to the affected device.
Recommendations
Update Cisco ASA Software to a version higher than v9.22.x.
Update Cisco FTD Software to a version higher than v7.7.x.
Fix
Tags: Fix · DoS · RCE · Buffer Overflow
Affected Products
Cisco ASA
Cisco Secure Firewall Adaptive Security Appliance (ASA)
Cisco Secure Firewall Threat Defense (FTD)