Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability

🚨 SEVERITY: MEDIUM — CVSS 6.5 Security Advisory

TL;DR 📌

A medium-severity vulnerability has been identified in the VPN web server of Cisco Secure Firewall ASA and FTD Software, allowing unauthenticated remote access to restricted URLs. No workarounds are available, and users are strongly advised to upgrade to fixed software releases.

What happened 🕵️‍♂️

A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated remote attacker to access restricted URL endpoints without authentication. This issue arises from improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server, potentially gaining access to restricted URLs.

Affected products 🖥️

The vulnerability affects Cisco Secure Firewall ASA and FTD Software running vulnerable releases with specific configurations that enable SSL listen sockets.

Vulnerable Configurations:

  • Cisco Secure Firewall ASA Software:

    • AnyConnect IKEv2 Remote Access
    • Mobile User Security (MUS)
    • SSL VPN

  • Cisco Secure Firewall FTD Software:

    • AnyConnect IKEv2 Remote Access
    • AnyConnect SSL VPN

Fixed software 🔧

Upgrade to the first fixed release in your train (or later):

Release / Product First Fixed Release Notes
1.0 Initial public release.
Cisco Secure Firewall ASA Not specified
Cisco Secure FMC Not specified
Cisco Secure FTD Not specified

Workarounds 🧯

There are no workarounds that address this vulnerability.

Risk in context 🎯

With a CVSS score of 6.5, this vulnerability is rated as Medium severity. The risk is significant as it allows unauthenticated access to restricted resources, which could lead to further exploitation or data exposure. Organizations should prioritize patching to mitigate this risk.

Fast facts ⚡

  • Vulnerability ID: CVE-2025-20362
  • CVSS Score: 6.5 (Medium)
  • Exploitation: Active attempts have been reported.
  • Workarounds: None available.
  • Recommended Action: Upgrade to fixed software.

For leadership 🧭

This vulnerability poses a Medium risk to our network security, as it allows unauthorized access to restricted URLs without authentication. The exposure is primarily through unauthenticated remote access, with no immediate workarounds available.

Remediation ask: Patch affected systems within 7 days to mitigate risk.

Operational impact: Expect a brief maintenance window with no configuration drift anticipated.

Clear Now / Next / Later:

  • Now: Identify affected devices and assess configurations.
  • Next: Schedule and implement software upgrades.
  • Later: Monitor for any signs of exploitation and review security policies.

Prompt action is essential to protect our network from potential unauthorized access.