- 50,000 Cisco firewalls vulnerable to actively exploited RCE failures CVE-2025-20333 and 20362
- Cisco and Cisa urge immediate patches; There are no solutions available for affected ASA/FTD devices
- Shadowserver found 48.8k IPS without patches; The main affected countries include USA., United Kingdom and Germany
Around 50,000 Cisco Firewalls connected to the Internet are vulnerable to two actively exploited failures, granting to the non -authorentic threat actors the execution of the remote code (RCE), as well as the total control over the compromised devices.
Cisco recently launched patches for CVE-2025-20333 and CVE-2025-20362, two errors that affect their adaptive solutions of security apparatus (ASA) and Firewall threat defense (FTD).
The first is a vulnerability of overflow of the shock absorber with a gravity score of 9.9/10 (critical), while the second is a missing authorization defect with a gravity score of 6.5/10 (medium).
Ee. Uu. Most affected
In the security notice, Cisco urged customers to apply the patch as soon as possible, stating that he is aware of “exploitation attempt” in nature.
“Cisco continues to strongly recommend that customers update a fixed software launch to remedy this vulnerability,” he said.
At the same time, the Shadowserver Foundation, a non -profit global cyber security data organization, shared in X that as of September 30, there are almost 50,000 final points set out:
“ATTENTION! CISCO ASA/FTD CVE-2025-20333 and CVE-2025-20362 Incidents: Now we are sharing vulnerable instances of Cisco ASA/FTD vulnerable daily in our vulnerable HTTP reports. More than 48.8k ip IP Non-ecological found found 2025-09-29. High affected: USA”, the TWEET readings. At the time of the publication, the United States had 19,610 instances exposed, followed by the United Kingdom with 2,834, and Germany with 2,392.
At this time, the best way to mitigate the threat is to apply the patch, especially because there are no solutions. Bleepingcomputer The reported temporary hardening steps could include the restriction of exposure to the VPN web interface and increase registration and monitoring for VPN session suspects and HTTP applications designed.
The United States Cybersecurity and Infrastructure Security Agency (CISA) recently urged government agencies to address these two defects, claiming that they were being actively exploited.
According to Emergency Directive 25-03, published on September 25, 2025, CISA said there is a “generalized” attack campaign aimed at adaptive Cisco appliances and fire power firewall devices.
Through Bleepingcomputer
