Cisco has discovered a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362.
Unpatched devices may reload unexpectedly as a result of this attack, leading to denial of service (DoS) conditions. Cisco strongly recommends that all users upgrade to the updated software releases specified in the updated Software section of this advisory.
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow a remote, unauthenticated attacker to access restricted URL endpoints associated with remote access VPN that should not be accessible without authentication.
This vulnerability is caused by inadequate validation of user-supplied input in HTTP(S) requests. An attacker could exploit it by sending specially constructed HTTP requests to a specific web server on a device.
A successful exploit could allow the attacker to gain unauthorized access to a restricted URL.
Cisco has released software updates that fix this vulnerability, and it continues to strongly advise users to upgrade to a corrected software release. There are no workarounds that address this vulnerability.
Cisco considers any mitigations and workarounds to be temporary measures until an upgrade to a corrected software release is available. To fully resolve this vulnerability and prevent future exposure as specified in this advisory, Cisco strongly advises users to upgrade to the fixed software mentioned in this advisory.
