Cisco vulnerabilities CVE-2025-20352 (SNMP), CVE-2025-20363 (ASA RCE), CVE-2025-20333 (ASA, VPN RCE)

by | Sep 29, 2025 | News

There are three vulnerabilities in CIsco software that are actively exploited in the wild. We suggest updating the software as soon as possible.

CVE-2025-20352, is a vulnerability in SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software that could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device that is running Cisco IOS Software or Cisco IOS XE Software. The vulnerability can be mitigated by restricting SNMP access or by disabling the service. For further details see https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte or https://nvd.nist.gov/vuln/detail/CVE-2025-20352

Then there are two critical vulnerabilities in Cisco VPN and ASA.

CVE-2025-20363 is a vulnerability in web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, remote attacker (Cisco ASA and FTD Software) or authenticated, remote attacker (Cisco IOS, IOS XE, and IOS XR Software) with low user privileges to execute arbitrary code on an affected device. No mitigation is possible, upgrade to the version that fixes the issue is necessary. Please see https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O or https://nvd.nist.gov/vuln/detail/CVE-2025-2036 for further details.

CVE-2025-20333 is a critical vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software which could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. No mitigation is possible, upgrade to the fixed version is necessary. See: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB or https://nvd.nist.gov/vuln/detail/CVE-2025-20333.

Please update the software to the fixed version as soon as possible.

This website only uses strictly necessary cookies that allow core website functionality. Privacy Policy
Privacy Policy