🔴 CVE-2025-20333

CVE-2025-20333 is a critical buffer overflow vulnerability in the VPN web server component of Cisco ASA and Firepower Threat Defense Software that allows authenticated remote attackers to execute arbitrary code as root. This vulnerability is actively being exploited in the wild and affects internet-facing VPN appliances that are commonly deployed with public internet access.

Risk Level: HIGH_RISK

CVSS Score: 9.9

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 - Exploit Public-Facing Application

Deployment Risk: VERY_HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-09-25

Added to CISA KEV: 2025-09-25 (0 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-09-25)

CVE-2025-20333 is a critical vulnerability affecting Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense Software [1]. Here's what is known about its exploitation:

  • Internet-facing applications or services: The vulnerability affects internet-facing applications and services, specifically the VPN web server [1].
  • Active exploitation in the wild: There is evidence of active exploitation of CVE-2025-20333 in the wild [4][5].
  • Attack vectors and exploitation methods: Technical details suggest that remote code execution is a primary exploitation method [2].
  • Targeted attacks: CVE-2025-20333 has been used in targeted attacks [6][7].
  • CISA Known Exploited Vulnerabilities (KEV) status: The CISA KEV catalog includes this CVE, indicating its severe risk and active exploitation [3][4].

Sources

  1. Cisco Security Advisory

    A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat ...

  2. GitHub - omer-efe-curkus/CVE-2025-32433-Erlang-OTP...

    CVE-2025-32433-Erlang-OTP-SSH-RCE-PoC. The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code without prior authentication. Description. Vulnerability Check: Determine if a target is vulnerable to CVE-2025-32433. Exploit Execution: Execute arbit…

  3. Known Exploited Vulnerabilities Catalog

    CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their ...

  4. CISA Adds Four Known Exploited Vulnerabilities to Catalog

    CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

  5. CISA Adds Six Known Exploited Vulnerabilities to Catalog

    CISA has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.