[CIVN-2025-0232] Multiple Vulnerabilities in Cisco
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
Cisco Secure Firewall Threat Defense (FTD) Software
Cisco IOS, IOS XE and IOS XR Software
Overview
Multiple vulnerabilities have been reported in Cisco products which could allow an attacker to execute arbitrary code and gain unauthorized access on the targeted device.
Target Audience:
All organizations and individuals using the affected Cisco products.
Risk Assessment:
High risk of remote code execution and unauthorized access.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
Multiple vulnerabilities exist in the web services and VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software due to improper validation of user-supplied input in HTTP and HTTP(S) requests. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device.
A successful exploit could allow an attacker to execute arbitrary code as root, potentially leading to the complete compromise of the affected device. The exploit may also allow unauthorized access to restricted URLs without authentication.
Solution
Apply appropriate updates as mentioned in:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
CVE Name
CVE-2025-20363
CVE-2025-20333
CVE-2025-20362
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003