Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362

Cisco revealed on Wednesday that a fresh attack variant is targeting devices running specific Cisco Secure Firewall Adaptive Security Appliance (ASA) and Threat Defense (FTD) software versions, vulnerable to CVE-2025-20333 and CVE-2025-20362. According to Cisco’s updated advisory, this new attack can trigger unpatched devices to reload unexpectedly, causing denial-of-service (DoS) conditions, which means disrupted network services for users. The company strongly urged customers to install the available updates immediately to avoid any service interruptions. These two vulnerabilities were initially disclosed in late September 2025 but had already been exploited as zero-day vulnerabilities before becoming public knowledge. The UK’s National Cyber Security Centre (NCSC) reported that these exploits were used in attacks delivering malware like RayInitiator and LINE VIPER. CVE-2025-20333 is particularly severe because it lets attackers execute arbitrary code with root privileges by sending specially crafted HTTP requests, while CVE-2025-20362 allows unauthorized access to restricted URLs without authentication. In addition to firewall vulnerabilities, Cisco addressed two critical security flaws found in Unified Contact Center Express (Unified CCX) software. These issues could let unauthenticated remote attackers upload arbitrary files, bypass authentication, run arbitrary commands, and escalate privileges to root. Security researcher Jahmel Harris was credited for discovering and reporting these vulnerabilities. The first, CVE-2025-20354 (CVSS score 9.8), involves a weakness in the Java Remote Method Invocation (RMI) process, enabling attackers to upload and execute arbitrary files with root access. The second, CVE-2025-20358 (CVSS score 9.4), affects the CCX Editor application and allows attackers to bypass authentication and gain admin rights to create and execute scripts on the underlying operating system. Cisco has patched these Unified CCX flaws in specific software versions: the 12.5 SU3 release (fixed in 12.5 SU3 ES07) and the 15.0 release (fixed in 15.0 ES01). Besides these, Cisco also fixed a high-severity DoS vulnerability (CVE-2025-20343, CVSS score 8.6) in the Identity Services Engine (ISE). This flaw stems from a logic error during the processing of RADIUS access requests involving MAC addresses already marked as rejected. An attacker can exploit this by sending multiple crafted RADIUS messages, causing the device to restart unexpectedly. Although there’s no current evidence indicating these three latest security flaws have been exploited in the wild, Cisco stresses the importance of promptly applying patches to ensure optimal protection. The swift action in releasing fixes highlights Cisco’s commitment to security and the ongoing battle against emerging cyber threats. Users and organizations relying on Cisco products are strongly advised to prioritize these updates to mitigate risks from these significant vulnerabilities.