Mitigate Vulnerabilities with Cisco Devices
Critical zero-day vulnerabilities have been discovered in Cisco Adaptive Security Appliances (ASA) and Secure Firewall Threat Defense (FTD) appliances. The vulnerabilities impact all Cisco ASA platforms (ASA hardware, ASA-Service Module [ASA-SM], ASA Virtual [ASAv], and ASA firmware on Firepower 2100/4100/9300) and all Cisco Firepower Threat Defense (FTD) appliances. These vulnerabilities are being actively exploited by advanced threat actors. Immediate action is required to mitigate this significant security risk.
Vulnerability Details
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
- CVE-2025-20333 – Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow
- CVE-2025-20362 – Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability
Additional guidance:
- Cisco Security Advisory – Vendor Alert and Mitigation Recommendations
Cisco has released software updates that address this vulnerability. Cisco strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability. There are no workarounds that address this vulnerability.
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the enterprise.
Recommended Mitigation Actions:
To address these vulnerabilities and enhance the security of your systems, we strongly recommend that you take the following actions:
- Review and immediately apply vendor-recommended mitigations provided here.
- Patch systems with the latest software updates to address the vulnerability.
Securing the defense industrial base is a team sport. Consider joining the National Defense Information Sharing and Analysis Center (ND-ISAC) to better understand the latest threats.
- ND-ISAC is the official ISAC for the DIB Critical Infrastructure Sector recognized by DOD and DHS. The ND-ISAC is a private sector self-organized and self-governing entity and a trusted partner providing exceptional technical solutions and support to its members. Email ND-ISAC to contact the team or visit ND-ISAC’s public-facing website below.