Cisco warns of a critical remote code execution flaw in the web services of several Cisco platforms. Tracked as CVE-2025-20363 (CWE-122), the vulnerability carries a CVSS 3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) and affects ASA, FTD, IOS, IOS XE, and IOS XR Software.
Cisco Input Validation Flaw (CVE-2025-20363)
The flaw stems from improper validation of user-supplied input in HTTP requests. An attacker can craft malicious HTTP packets to bypass exploit mitigations and execute arbitrary shell commands as root.
On Cisco Secure Firewall ASA and FTD, no authentication is required; on IOS, IOS XE, and IOS XR, only low-privileged authenticated access is required.
The affected services listen on SSL or HTTP ports when features such as webvpn, AnyConnect SSL VPN, or the HTTP server are enabled. Example CLI checks:
Successful exploitation yields a root shell, potentially leading to full device compromise.
Cisco credits Keane O'Kelley of Cisco ASIG with finding the defect. Coordination with ASD, CSE, NCSC, and CISA contributed to the advisory.
All ASA Series devices (5500-X, ASAv, Firepower 1000/2100/4100/9000, Secure Firewall 1200/3100/4200), FTD platforms, IOS routers with SSL VPN, IOS XE routers, and ASR 9001 routers running 32-bit IOS XR with HTTP enabled are vulnerable.
No workarounds exist. Customers must upgrade to fixed releases immediately. The advisory lists the fixed versions for each platform under its Fixed Software section.
Risk Factors and Details
Affected Products: Cisco Secure Firewall ASA & FTD Software; Cisco IOS Software & IOS XE Software; Cisco IOS XR Software (32-bit on ASR 9001 with HTTP server enabled)
Impact: Remote unauthenticated code execution as root
Exploit Prerequisites: SSL VPN (webvpn) or AnyConnect SSL VPN enabled
CVSS 3.1 Score: 9.0 (Critical)
Cisco recommends using the Cisco Software Checker to identify vulnerable releases and the earliest patches. Administrators should audit device configurations to confirm whether SSL VPN or the HTTP server is enabled.
For ASA/FTD, verify the webvpn or AnyConnect SSL VPN settings; for IOS XR, check whether the command "run uname -s" returns Linux, or disable the HTTP server with "no http server". Cisco PSIRT confirms no active exploitation in the wild.
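The configuration audit the advisory asks for can be scripted across a fleet. The following is an added example written for this article, not code from Cisco or from the advisory. It assumes the publicly documented configuration syntax: a top-level "webvpn" mode containing "enable <interface>" and "anyconnect enable" on ASA (the same handling is applied to FTD, which is an assumption), "ip http server" and "ip http secure-server" on IOS and IOS XE, and "http server" on IOS XR. The hostnames and config excerpts are constructed samples, not captures from real devices; the script only reports which devices expose the affected web services so that they can be prioritised for the fixed release.

```python
"""Flag Cisco devices whose running-config enables the web services that
CVE-2025-20363 reaches: webvpn / AnyConnect SSL VPN on ASA and FTD, and the
HTTP server on IOS, IOS XE and IOS XR.

Added example, not Cisco's code. Config syntax is assumed from public
documentation; all sample configs below are constructed.
"""

# Constructed sample running-config excerpts, keyed by hostname.
SAMPLE_CONFIGS = {
    "fw-edge-1": ("asa", """
hostname fw-edge-1
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-linux64.pkg 1
 anyconnect enable
group-policy GP-REMOTE attributes
 webvpn
  anyconnect keep-installer installed
"""),
    "fw-lab-2": ("asa", """
hostname fw-lab-2
group-policy GP-REMOTE attributes
 webvpn
  anyconnect keep-installer installed
"""),
    "rtr-core-1": ("ios", """
hostname rtr-core-1
no ip http server
ip http secure-server
"""),
    "rtr-branch-3": ("iosxe", """
hostname rtr-branch-3
no ip http server
no ip http secure-server
"""),
    "asr9001-1": ("iosxr", """
hostname asr9001-1
http server
"""),
}


def audit_config(platform, config_text):
    """Return a list of findings naming each exposed feature in one config.

    ASA/FTD: only direct children of a top-level "webvpn" block count, so the
    "webvpn" sub-mode nested inside a group-policy does not produce a finding.
    IOS/IOS XE/IOS XR: "no ..." lines are negations and never match.
    """
    findings = []
    in_webvpn = False
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        body = line.strip()
        if platform == "asa":
            if not line.startswith(" "):
                # A non-indented line starts a new top-level block.
                in_webvpn = body == "webvpn"
                continue
            if in_webvpn and line[1:2] != " ":  # single-space indent only
                if body.startswith("enable "):
                    findings.append(f"webvpn enabled on interface {body.split()[1]}")
                elif body == "anyconnect enable":
                    findings.append("AnyConnect SSL VPN enabled")
        elif platform in ("ios", "iosxe"):
            if body == "ip http server":
                findings.append("HTTP server enabled")
            elif body == "ip http secure-server":
                findings.append("HTTPS server enabled")
        elif platform == "iosxr":
            if body == "http server":
                findings.append("HTTP server enabled (relevant on 32-bit ASR 9001)")
        else:
            raise ValueError(f"unknown platform: {platform}")
    return findings


def exposure_report(configs):
    """Map hostname -> (platform, findings) for every device, exposed or not."""
    return {host: (plat, audit_config(plat, text))
            for host, (plat, text) in configs.items()}


def exposed_hosts(configs):
    """Sorted hostnames with at least one finding: upgrade these first."""
    return sorted(h for h, (_, f) in exposure_report(configs).items() if f)


if __name__ == "__main__":
    for host, (plat, findings) in exposure_report(SAMPLE_CONFIGS).items():
        status = "EXPOSED" if findings else "not exposed"
        print(f"{host:14} {plat:6} {status}: {'; '.join(findings) or '-'}")
```

Feed it the output of "show running-config" collected from each device in place of the constructed samples. A device with no findings is still affected if it runs a vulnerable release, so the exposure list narrows the upgrade order rather than replacing the Cisco Software Checker; the IOS XR finding also needs the separate 32-bit check the advisory describes.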