CVE-2025-20362: Missing Authorization in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software
Description
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases that are listed in the Fixed Software section of this advisory.
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.
AI Analysis
Technical Summary
CVE-2025-20362 is a missing authorization vulnerability in the VPN web server component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. The flaw arises from improper validation of user-supplied input in HTTP(S) requests, allowing an unauthenticated remote attacker to bypass authentication and access restricted URL endpoints related to remote access VPN functionality. This unauthorized access could expose sensitive VPN configuration or status information, potentially aiding further exploitation or reconnaissance. In November 2025, Cisco identified a new attack variant that exploits this and a related vulnerability (CVE-2025-20333) to cause unpatched devices to reload unexpectedly, leading to denial of service conditions. The vulnerability affects numerous ASA software versions spanning from 9.8.1 through 9.23.1.13, indicating a broad impact across many Cisco deployments. The vulnerability requires no privileges or user interaction, making it relatively easy to exploit remotely over the network. Cisco has released fixed software versions and strongly urges customers to upgrade to mitigate the risk. No known exploits are reported in the wild yet, but the potential for unauthorized access and DoS makes this a significant concern for organizations relying on Cisco ASA and FTD devices for VPN and firewall services.
Potential Impact
The vulnerability allows unauthenticated attackers to bypass authorization controls on Cisco Secure Firewall ASA and FTD VPN web servers, potentially exposing sensitive VPN-related URLs and information. This unauthorized access could facilitate further attacks, such as reconnaissance, credential harvesting, or exploitation of other vulnerabilities. The newly discovered attack variant causing device reloads can lead to denial of service, disrupting network security and remote access capabilities. Organizations relying on these Cisco devices for VPN access and firewall protection may experience confidentiality breaches and service interruptions. Given the widespread use of Cisco ASA and FTD products globally, the impact could be significant, affecting enterprise networks, government agencies, and critical infrastructure providers. The medium CVSS score reflects moderate risk, but the ease of exploitation without authentication and the broad affected version range increase the urgency for remediation. Failure to patch could result in unauthorized access to sensitive network segments and potential operational downtime.
Mitigation Recommendations
1. Immediately upgrade Cisco Secure Firewall ASA and FTD devices to the fixed software versions provided by Cisco to address CVE-2025-20362 and related vulnerabilities.
2. Apply defense-in-depth measures such as restricting management interface access to trusted IP addresses and networks to reduce exposure of the VPN web server.
3. Monitor network traffic for unusual HTTP(S) requests targeting VPN web server endpoints that could indicate exploitation attempts.
4. Implement strict network segmentation to limit the impact of any unauthorized access gained through this vulnerability.
5. Regularly audit and review VPN configurations and access logs to detect anomalies.
6. Employ intrusion detection/prevention systems (IDS/IPS) with updated signatures to detect attempts to exploit this vulnerability.
7. Maintain an up-to-date asset inventory to ensure all affected devices are identified and patched promptly.
8. Consider temporarily disabling or restricting VPN web server access if immediate patching is not feasible, balancing operational needs and security risks.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Brazil, Netherlands, Singapore, United Arab Emirates, Israel, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisco
- Date Reserved: 2024-10-10T19:15:13.258Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68d56a80611617954beac292
Added to database: 9/25/2025, 4:14:56 PM
Last enriched: 2/27/2026, 12:26:01 AM
Last updated: 3/24/2026, 9:09:56 PM