48+ Cisco Firewalls Hit by Actively Exploited 0-Day Vulnerability

Cisco has confirmed two serious vulnerabilities impacting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls.

Tracked as CVE-2025-20333 and CVE-2025-20362, both issues allow attackers to run arbitrary code on unpatched devices. Cisco security advisories warn that exploits for both flaws are already in the wild.

Organizations worldwide are urged to check their devices and apply the latest software updates immediately.

Shadowserver’s daily vulnerable HTTP report now includes a live list of ASA/FTD instances susceptible to these 0-day bugs. On September 29, security researchers discovered 48,800+ publicly reachable IPs still running outdated firewall versions.


The United States tops the list of exposed hosts, followed by Germany, Brazil, India, and the United Kingdom.

These vulnerabilities pose a dire risk to network defenses, as exploited firewalls can let attackers bypass perimeter security, steal data, or pivot inside corporate networks. Many small and mid-sized organizations lack rapid patch processes, making them prime targets.

| CVE | Affected Products | Impact | Exploit Prerequisites | CVSS 3.1 Score |
|---|---|---|---|---|
| CVE-2025-20333 | Cisco ASA and FTD through 9.18.1.17 | Remote code execution, full OS control | Network access to management interface | 9.8 |
| CVE-2025-20362 | Cisco ASA and FTD through 9.18.1.17 | Privilege escalation, command injection | Valid user credentials | 9.1 |

Organizations using legacy ASA models or missing recent Maintenance Releases are most at risk. Cisco’s patches address both flaws by tightening input validation and fixing memory handling routines.

Shadowserver Foundation now publishes a daily HTTP report listing vulnerable ASA/FTD instances.

On September 29, Shadowserver recorded:

  • 48,800+ vulnerable IPs worldwide
  • Top affected country: United States
  • Notable counts: Germany (5,200+), Brazil (4,500+), India (3,800+), United Kingdom (3,300+)

Network teams should subscribe for daily updates and cross-check their public IP ranges against Shadowserver’s list.
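One way to run that cross-check, as an added example that is not from the original article or from Shadowserver: the script matches each report row against your own CIDR ranges and keeps only rows tagged with the two CVEs. The CSV column names (`ip`, `port`, `tag`), the tag values, the sample rows, and the address ranges are assumptions constructed for illustration; adjust them to the feed you actually receive.

```python
import csv
import io
import ipaddress

# Constructed sample in the shape of a CSV report. Column names (ip, port, tag)
# and tag values are assumptions, not taken from a real Shadowserver feed.
SAMPLE_REPORT = """timestamp,ip,port,tag
2025-09-29 00:00:00,198.51.100.14,443,cve-2025-20333;cve-2025-20362
2025-09-29 00:00:00,203.0.113.77,8443,cve-2025-20362
2025-09-29 00:00:00,192.0.2.200,443,cve-2025-20333
2025-09-29 00:00:00,not-an-ip,443,cve-2025-20333
2025-09-29 00:00:00,198.51.100.130,443,some-other-tag
"""

# Constructed example of an organization's public ranges (documentation nets).
OUR_RANGES = ["198.51.100.0/25", "203.0.113.64/28", "2001:db8:10::/48"]
WATCHED_TAGS = {"cve-2025-20333", "cve-2025-20362"}


def find_exposed(report_file, cidrs, watched_tags=WATCHED_TAGS):
    """Return report rows whose IP is in one of our ranges and has a watched tag."""
    networks = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    hits = []
    for row in csv.DictReader(report_file):
        try:
            addr = ipaddress.ip_address(row["ip"].strip())
        except (ValueError, KeyError, AttributeError):
            continue  # skip malformed rows instead of aborting the whole check
        tags = {t.strip().lower() for t in (row.get("tag") or "").split(";") if t.strip()}
        matched = sorted(tags & watched_tags)
        if not matched:
            continue
        # Mixed IPv4/IPv6 membership tests return False rather than raising.
        owner = next((n for n in networks if addr in n), None)
        if owner is not None:
            hits.append({"ip": str(addr), "port": row.get("port", ""),
                         "range": str(owner), "tags": matched})
    return hits


if __name__ == "__main__":
    for hit in find_exposed(io.StringIO(SAMPLE_REPORT), OUR_RANGES):
        print(f"{hit['ip']}:{hit['port']} in {hit['range']} -> {', '.join(hit['tags'])}")
```

Running it daily against the new report and alerting on any non-empty result turns the subscription into a patch-verification check.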

Mitigation and Best Practices

  1. Patch immediately: Download the latest ASA/FTD software from Cisco’s advisory portal and install Maintenance Release 9.18.1.18 or later.
  2. Limit management access: Restrict web and API access for ASA/FTD interfaces to trusted IPs only.
  3. Harden credentials: Enforce multi-factor authentication and strong passwords for all firewall admin accounts.
  4. Monitor logs: Watch for unusual admin logins, configuration changes, or anomalous traffic flows.
  5. Network segmentation: Isolate critical assets behind additional layers of defense in case a firewall is compromised.

Given the active exploitation and high CVSS scores, these 0-days demand urgent attention. Failing to secure ASA/FTD instances risks full network compromise and data theft. Ensure your security teams act now to close this dangerous gap.
