
Cisco announced Wednesday that it has become aware of a new attack variant that targets devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases susceptible to CVE-2025-20333 and CVE-2025-20362.
“This attack could cause unpatched devices to reload unexpectedly, leading to a denial of service (DoS) condition,” the company said in its latest advisory, urging customers to apply the update as soon as possible.
According to the UK’s National Cyber Security Center (NCSC), both vulnerabilities were disclosed in late September 2025, but prior to that they were exploited as zero-day vulnerabilities in attacks that distributed malware such as RayInitiator and LINE VIPER.

Successful exploitation of CVE-2025-20333 allows the attacker to execute arbitrary code as root via a crafted HTTP request, while CVE-2025-20362 allows the attacker to access restricted URLs without authentication.
This update comes after Cisco addressed two critical security flaws in Unified Contact Center Express (Unified CCX) that could allow an unauthenticated, remote attacker to upload arbitrary files, bypass authentication, execute arbitrary commands, and escalate privileges to root.
The networking equipment giant acknowledged that security researcher Jamel Harris discovered and reported the flaws. The vulnerabilities are listed below –
CVE-2025-20354 (CVSS Score: 9.8) – A vulnerability in the Java Remote Method Invocation (RMI) process in Unified CCX allows an attacker to upload arbitrary files and execute arbitrary commands with root privileges on an affected system.
CVE-2025-20358 (CVSS Score: 9.4) – A vulnerability in the Contact Center Express (CCX) Editor application in Unified CCX allows an attacker to bypass authentication, gain administrative privileges, and create and execute arbitrary scripts on the underlying operating system.
These are addressed in the following releases:
Cisco Unified CCX Release 12.5 SU3 and earlier (fixed in 12.5 SU3 ES07)
Cisco Unified CCX Release 15.0 (fixed in 15.0 ES01)
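The practical question for a Unified CCX administrator is whether the installed release is at or above the fixed level listed above. The following is an added example, not code from Cisco or from the original article, that encodes the two fixed releases from the advisory and compares an installed version string against them. The version-string format "<major>.<minor>(<build>) SU<n> ES<m>" handled by the regular expression is an assumption made for this example; adapt it to whatever your appliance actually reports.

```python
import re

# Fixed releases as stated in the Cisco advisory summarized above:
#   12.5 SU3 and earlier are affected, fixed in 12.5 SU3 ES07
#   15.0 is affected, fixed in 15.0 ES01
# Keyed by (major, minor) train -> minimum (SU, ES) that carries the fix.
FIXED_RELEASES = {
    (12, 5): (3, 7),
    (15, 0): (0, 1),
}

# Assumed version-string layout, e.g. "12.5(1) SU3 ES06" or "15.0(1)".
# The "(build)", "SU<n>" and "ES<m>" parts are all optional; missing
# SU/ES components are treated as 0 (the base release of that train).
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\(\d+\))?(?:\s*SU(\d+))?(?:\s*ES(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_ccx_version(version):
    """Return (major, minor, su, es) parsed from a Unified CCX version string."""
    match = _VERSION_RE.match(version)
    if not match:
        raise ValueError(f"unrecognised Unified CCX version string: {version!r}")
    major, minor, su, es = match.groups()
    return int(major), int(minor), int(su or 0), int(es or 0)


def is_patched(version):
    """True if the release carries the fix for CVE-2025-20354 / CVE-2025-20358,
    False if it is an affected release below the fixed level, and None when
    the train is not one of the two the advisory lists."""
    major, minor, su, es = parse_ccx_version(version)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        return None
    # Tuple comparison orders SU first, then ES within the same SU.
    return (su, es) >= fixed


if __name__ == "__main__":
    # Constructed sample inputs, not output from any real system.
    for sample in ("12.5(1) SU3 ES06", "12.5(1) SU3 ES07", "15.0(1)", "15.0(1) ES01", "11.6(2)"):
        print(f"{sample:<20} patched={is_patched(sample)}")
```

A `None` result means the train is outside the advisory's scope and should be checked against Cisco's own fixed-software table rather than assumed safe.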

In addition to the two vulnerabilities, Cisco has shipped a patch for a high-severity DoS bug (CVE-2025-20343, CVSS score: 8.6) in Identity Services Engine (ISE). This bug could allow an unauthenticated, remote attacker to cause a vulnerable device to restart unexpectedly.
“The vulnerability is due to a logic error in processing RADIUS access requests for MAC addresses that are already denied endpoints. An attacker could exploit this vulnerability by sending a specific sequence of multiple crafted RADIUS Access Request messages to Cisco ISE.”
Although there is no evidence that the three security flaws have been exploited in the wild, it is important for users to apply the updates as soon as possible for optimal protection.
