By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Cisco ASA / FTD VPN Web Server Remote Code Execution Vulnerability
CVSS Score: 9.9 (Critical)
Identifier: CVE-2025-20333
Exploit or Proof of Concept (PoC): Yes — attempted exploitation has been observed in the wild
Update: CVE-2025-20333 – Cisco Security Advisory
Description:
CVE-2025-20333 is a critical remote code execution vulnerability in the VPN web server component of Cisco Secure Firewall ASA and Cisco Secure Firewall Threat Defense (FTD) software. The flaw results from improper validation of specially crafted HTTP(S) requests directed at the VPN web interface. An attacker with valid VPN user credentials may trigger this vulnerability by submitting malicious payloads, potentially leading to root-level command execution on the firewall.
Mitigation Recommendation:
Upgrade immediately to the fixed ASA/FTD software versions listed in the Cisco advisory. Because there are no reliable workarounds, treat this as a top-priority patch. Additionally, restrict access to VPN web interfaces, monitor for exploit traffic patterns, and review logs for anomalous HTTP requests with overflow signatures.