CVE-2025-20362 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-09-25

Added to CISA KEV: 2025-09-25 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

⚠️ CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity before patching
Immediately upgrade to fixed software releases as recommended by Cisco
Monitor VPN web server access logs for suspicious HTTP requests and unauthorized access attempts
Critical patch priority - treat as emergency due to active exploitation and internet-facing exposure

🔍 Web Intelligence (Kagi · 2025-09-25)

CVE-2025-20362 is a vulnerability in Cisco Secure Firewall ASA and FTD Software that allows unauthenticated, remote attackers to access restricted URL endpoints ^[1]. Here's a breakdown of what is known about its exploitation:

Internet-facing applications or services: Yes, this vulnerability affects internet-facing applications and services.
Active exploitation in the wild: There is strong evidence of active exploitation in the wild.
Attack vectors and exploitation methods: The attack vector involves improper validation of user-supplied input to the VPN web server.
Targeted attacks: It has been used in targeted attacks.
CISA Known Exploited Vulnerabilities (KEV) status: The CISA KEV catalog indicates active exploitation of this vulnerability.
Technical details about internet exploitability: The vulnerability is exploited via the VPN web server due to improper validation of user-supplied input.^[1]

Sources

Cisco Security Advisory
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat ...

🔴 CVE-2025-20362

📋 Vulnerability Details

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-09-25)

Sources