CVE-2025-20362

Name of the Vulnerable Software and Affected Versions Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software versions (affected versions not specified) Cisco IOS Software (affected versions not specified) Cisco IOS XE Software (affected versions not specified) Cisco IOS XR Software (affected versions not specified)

Description A security issue exists in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. This flaw allows a remote, unauthenticated attacker to bypass authorization mechanisms and gain access to restricted URLs by sending specially crafted HTTP requests. The vulnerability is actively being exploited in attacks, with reports indicating attempted exploitation and potential compromise of critical infrastructure. Approximately 34,000 devices are estimated to be vulnerable worldwide. The attacks have been linked to the ArcaneDoor threat actor, potentially associated with China. Exploitation can lead to system compromise, the deployment of spyware, and the theft of sensitive data. The vulnerability is also chained with other vulnerabilities (CVE-2025-20333 and CVE-2025-20363) to achieve root access and establish firmware persistence. The attacks can force firewalls into reboot loops, disrupting network operations.

Recommendations Update Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software to the latest version. Update Cisco IOS Software to the latest version. Update Cisco IOS XE Software to the latest version. Update Cisco IOS XR Software to the latest version. Monitor logs for anomalies.