Cisco Warns: Urgent ASA Firewall Patches Needed for Zero-Day Exploits
Cisco has issued a stark warning: active exploitation attempts are underway, targeting a critical zero-day vulnerability (CVE-2025-20333) in its ASA firewalls. This security flaw, linked to the China-based hacker group UAT4356, or ArcaneDoor, could lead to complete device compromise.
The vulnerability stems from improper input validation in HTTP(S) requests processed by the VPN web server, classified as a CWE-120 buffer overflow. Attackers can exploit this to execute arbitrary code with root privileges, granting them full control over the firewall. A secondary vulnerability (CVE-2025-20362) even allows unauthenticated attackers to access restricted VPN endpoints.
Over 48,800 unpatched IP addresses were identified on September 29, 2025, with the United States bearing the brunt of exposure. The affected products include Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software; the attacks specifically target the VPN web server component. Successful attacks could result in significant data breaches and network disruptions.
Cisco has urged users to apply the available patches immediately. Affected devices, mainly end-of-life Cisco ASA 5500-X models lacking secure boot protections, are at high risk. Organizations are advised to review their firewall configurations, disable unnecessary services, and strengthen authentication mechanisms to mitigate potential threats.
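One way to start the configuration review advised above is to list the interfaces on which a saved ASA running-config turns on the VPN web server. This is an added example, not Cisco tooling or code from the original article; the sample config is constructed, and the check assumes only the `webvpn` / `enable <interface>` and `crypto ikev2 enable <interface> client-services` command forms.

```python
import re

# Constructed excerpt of an ASA running-config (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-fw-01
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
crypto ikev2 enable outside client-services port 443
crypto ikev2 enable dmz
webvpn
 enable outside
 enable inside
 anyconnect enable
!
http server enable
"""

# IKEv2 remote access only starts the web listener when client-services is set.
IKEV2_CS = re.compile(r"^crypto ikev2 enable (\S+) client-services\b")
# Inside the webvpn sub-mode, "enable <nameif>" starts the SSL VPN web server.
WEBVPN_ENABLE = re.compile(r"^ enable (\S+)")


def vpn_web_exposure(config: str) -> dict[str, set[str]]:
    """Map interface name -> features that enable the VPN web server on it."""
    exposure: dict[str, set[str]] = {}
    in_webvpn = False
    for line in config.splitlines():
        if not line.startswith(" "):
            # Any top-level line either opens or closes the webvpn sub-mode.
            in_webvpn = line.strip() == "webvpn"
            m = IKEV2_CS.match(line)
            if m:
                exposure.setdefault(m.group(1), set()).add("ikev2-client-services")
        elif in_webvpn:
            m = WEBVPN_ENABLE.match(line)
            if m:
                exposure.setdefault(m.group(1), set()).add("webvpn")
    return exposure


if __name__ == "__main__":
    for nameif, features in sorted(vpn_web_exposure(SAMPLE_CONFIG).items()):
        print(f"{nameif}: VPN web server enabled via {', '.join(sorted(features))}")
```

Interfaces it reports are the ones to prioritize for patching and, where remote-access VPN is not actually needed, for disabling the service.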