CVE-2025-20362 is a medium-severity vulnerability affecting Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. With a CVSS score of 6.5, this vulnerability allows an unauthenticated remote attacker to gain access to restricted URL endpoints related to the remote access VPN, which should be inaccessible without proper authentication. The risk to organizations includes unauthorized access to sensitive information and potential exploitation by attackers.
Cisco published information about this vulnerability on September 25, 2025, and categorized it under CWE-862 (missing authorization). Defenders should act urgently, as unpatched devices may experience unexpected reloads, leading to denial-of-service (DoS) conditions. Organizations should prioritize patching immediately.
There are currently no known public exploits for this vulnerability, but it is included in the Known Exploited Vulnerabilities (KEV) catalog, indicating that it is actively being exploited in the wild. Organizations are advised to upgrade to the fixed software releases listed in the vendor's advisory to mitigate potential risks.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
