Updated:
Status:
CVEs: CVE-2025-20333, CVE-2025-20362, CVE-2025-20363
Fortra is actively researching two critical Cisco vulnerabilities, CVE-2025-20333 and CVE-2025-20363, that could allow attackers to execute arbitrary code on affected devices.
CVE-2025-20333 allows an authenticated attacker holding valid VPN user credentials to execute arbitrary code as root by sending crafted HTTP requests to the VPN web server, and it is being actively exploited in the wild. CVE-2025-20363 affects ASA, FTD, IOS, IOS XE, and IOS XR software: on ASA and FTD it is reachable by an unauthenticated attacker, while on IOS, IOS XE, and IOS XR it requires low-privileged authenticated access, and in both cases it could allow arbitrary code execution.
In the same announcement, Cisco also disclosed CVE-2025-20362 (base score 6.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N), which lets an unauthenticated attacker bypass access controls on restricted endpoints of the VPN web server. Chained with CVE-2025-20333, the bypass removes the credential requirement of the code-execution bug, so the pair can give an unauthenticated attacker full remote control of the affected device, which significantly increases the risk.
No workarounds are available, and Cisco strongly recommends upgrading to the fixed software versions. If patching is not immediately possible, organizations should disable or limit the affected HTTPS web services and restrict management interfaces to trusted subnets.
Who is affected?
The following platforms are impacted by these vulnerabilities:
CVE-2025-20333
- Cisco ASA: Versions 9.12, 9.14, 9.16, 9.17, 9.18, 9.19, 9.20, 9.22 with AnyConnect IKEv2 Remote Access (with client services), Mobile User Security (MUS), or SSL VPN enabled.
- Cisco FTD: Versions 7.0, 7.2, 7.4, 7.6 with AnyConnect IKEv2 Remote Access (with client services) or AnyConnect SSL VPN enabled.
CVE-2025-20363
- Cisco ASA: Versions 9.16, 9.18, 9.19, 9.20, 9.22, 9.23 with Mobile User Security (MUS) or SSL VPN enabled.
- Cisco FTD: Versions 7.0, 7.2, 7.4, 7.6, 7.7 with AnyConnect SSL VPN enabled.
- Cisco IOS/IOS XE: Versions 16.x, 17.x with Remote Access SSL VPN enabled.
What can I do?
Cisco strongly recommends updating affected devices to the fixed software versions listed in its advisories. No workarounds are available for any of these CVEs; note that a train can be affected by one CVE without having a fixed release listed for another, so check each CVE separately.
CVE-2025-20333
- Cisco ASA: 9.12.4.72, 9.14.4.28, 9.16.4.85, 9.17.1.45, 9.18.4.47, 9.19.1.37, 9.20.3.7, 9.22.1.3
- Cisco FTD: 7.0.8.1, 7.2.9, 7.4.2.4, 7.6.1
- Cisco Security Advisory
- NVD Reference
CVE-2025-20363
- Cisco ASA: 9.16.4.85, 9.18.4.67, 9.20.4.10, 9.22.2.14, 9.23.1.19
- Cisco FTD: 7.0.8, 7.2.10, 7.4.2.3, 7.6.1, 7.7.10
- Cisco IOS and IOS XE: 16.12.14, 17.9.8
- Cisco Security Advisory
- NVD Reference
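The two lists above (affected trains and first fixed releases) are easy to misread because the same train gets a different first fix per CVE (9.18.4.47 for CVE-2025-20333 but 9.18.4.67 for CVE-2025-20363), and 9.19 is listed as affected by CVE-2025-20363 with no fixed release in that train. The following triage helper is an added example, not Fortra's or Cisco's code: it takes the `show version` banner and a running-config excerpt from a Cisco ASA, checks the running release against the fixes listed on this page per CVE, and also flags the wide-open HTTPS management ACL that the mitigation note above says to restrict. The `Software Version 9.18(4)47` banner format, the use of an `enable <iface>` line inside the `webvpn` block to detect SSL VPN, `crypto ikev2 enable <iface> client-services` to detect IKEv2 client services, and `http <net> <mask> <iface>` as the management ACL are assumptions of this example; Mobile User Security (MUS) is not checked, and the sample input is constructed.

```python
"""Added example (not Fortra's or Cisco's code): per-CVE exposure triage for a
Cisco ASA from its 'show version' banner and a running-config excerpt.
Assumptions not taken from the page: the 'Software Version 9.18(4)47' banner
format, SSL VPN detected via 'enable <iface>' inside the top-level 'webvpn'
block, IKEv2 client services via 'crypto ikev2 enable <iface> client-services',
and the HTTPS management ACL via 'http <net> <mask> <iface>'. MUS is not checked."""
import re

# Affected ASA trains and first fixed release per train, as listed on this page.
# A train that is affected but has no fixed release listed (9.19 for
# CVE-2025-20363) is reported as needing a migration to a fixed train.
CVES = {
    "CVE-2025-20333": {
        "trains": {"9.12", "9.14", "9.16", "9.17", "9.18", "9.19", "9.20", "9.22"},
        "fixed": {"9.12": "9.12.4.72", "9.14": "9.14.4.28", "9.16": "9.16.4.85",
                  "9.17": "9.17.1.45", "9.18": "9.18.4.47", "9.19": "9.19.1.37",
                  "9.20": "9.20.3.7", "9.22": "9.22.1.3"},
        "services": {"ssl_vpn", "ikev2_client_services"},
    },
    "CVE-2025-20363": {
        "trains": {"9.16", "9.18", "9.19", "9.20", "9.22", "9.23"},
        "fixed": {"9.16": "9.16.4.85", "9.18": "9.18.4.67", "9.20": "9.20.4.10",
                  "9.22": "9.22.2.14", "9.23": "9.23.1.19"},
        "services": {"ssl_vpn"},
    },
}


def parse_version(text):
    """Return (major, minor, maint, interim) from '9.18(4)47' or '9.18.4.47'."""
    m = (re.search(r"\b(\d+)\.(\d+)\((\d+)\)(\d+)\b", text)
         or re.search(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b", text))
    if not m:
        raise ValueError("no ASA version found in: %r" % text)
    return tuple(int(x) for x in m.groups())


def train(version):
    """The release train is the first two components: (9, 18, 4, 47) -> '9.18'."""
    return "%d.%d" % version[:2]


def enabled_services(config):
    """Which of the page's listed VPN services the config turns on (assumed patterns)."""
    services = set()
    in_webvpn = False
    for line in config.splitlines():
        if re.match(r"^webvpn\b", line):             # top-level webvpn block starts
            in_webvpn = True
            continue
        if in_webvpn and line.startswith(" "):       # indented lines belong to the block
            if re.match(r"^\s+enable\s+\S+", line):  # 'enable outside' = SSL VPN listening
                services.add("ssl_vpn")
            continue
        in_webvpn = False
        if re.match(r"^crypto ikev2 enable \S+ client-services\b", line):
            services.add("ikev2_client_services")
    return services


def unrestricted_mgmt(config):
    """True if the HTTPS management ACL admits any source address on some interface."""
    return re.search(r"^http 0\.0\.0\.0 0\.0\.0\.0 \S+", config, re.M) is not None


def assess(version_text, config):
    """Per-CVE status for this device, using only the trains and fixes listed on the page."""
    version = parse_version(version_text)
    t = train(version)
    services = enabled_services(config)
    result = {}
    for cve, info in CVES.items():
        if t not in info["trains"]:
            result[cve] = "not in the affected trains listed"
        elif not services & info["services"]:
            result[cve] = "affected train, but listed VPN service not enabled"
        elif t not in info["fixed"]:
            result[cve] = "vulnerable: no fixed release in this train; migrate"
        elif version < parse_version(info["fixed"][t]):
            result[cve] = "vulnerable: upgrade to " + info["fixed"][t]
        else:
            result[cve] = "fixed"
    return result


# Constructed sample input: a device already on the first CVE-2025-20333 fix for 9.18.
SAMPLE_VERSION = "Cisco Adaptive Security Appliance Software Version 9.18(4)47"
SAMPLE_CONFIG = """\
hostname fw-edge-1
webvpn
 enable outside
 anyconnect enable
crypto ikev2 enable outside client-services port 443
http server enable
http 0.0.0.0 0.0.0.0 outside
"""

if __name__ == "__main__":
    for cve, status in assess(SAMPLE_VERSION, SAMPLE_CONFIG).items():
        print(cve, status)
    if unrestricted_mgmt(SAMPLE_CONFIG):
        print("HTTPS management reachable from any source; restrict it to trusted subnets")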
How is Fortra helping me?
Fortra is actively researching this threat to build detection capabilities.
Updates
Fortra has kicked off the Emerging Threats process for these vulnerabilities. This article will be updated with new information about them and related security coverage as it becomes available.
