CVE-2025-20362
Published: 25 September 2025
Summary
CVE-2025-20362 is a medium-severity Missing Authorization (CWE-862) vulnerability in Cisco Adaptive Security Appliance Software. Its CVSS base score is 6.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 2.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Directly addresses the improper validation of user-supplied input in HTTP(S) requests that enables unauthorized access to restricted VPN URL endpoints.
- Enforces approved authorizations to block unauthenticated remote access to sensitive VPN-related resources on the web server.
- Remediates the specific flaw in the Cisco ASA/FTD VPN web server software through timely patching, preventing exploitation as recommended by Cisco and as listed in the CISA KEV catalog.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A direct authentication bypass on a public-facing VPN web server enables remote exploitation of the exposed application (T1190) and unauthorized access to external remote access services (T1133).
NVD Description
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. Cisco strongly recommends that all customers upgrade to the fixed software releases that are listed in the Fixed Software section of this advisory. A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints that are related to remote access VPN that should otherwise be inaccessible without authentication. This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.
Deeper analysis
CVE-2025-20362 is a vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. It stems from improper validation of user-supplied input in HTTP(S) requests, which allows access to restricted remote access VPN URL endpoints that should require authentication. The issue is rated at CVSS 6.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) and is associated with CWE-862 (Missing Authorization).
An unauthenticated, remote attacker can exploit this vulnerability by sending crafted HTTP requests to the targeted web server on an affected device. Successful exploitation allows the attacker to access restricted VPN-related URLs without authentication, potentially exposing sensitive information or enabling further compromise. Additionally, on November 5, 2025, Cisco reported a new attack variant targeting devices affected by both CVE-2025-20362 and CVE-2025-20333, which can cause unpatched devices to unexpectedly reload and trigger denial-of-service conditions.
Cisco advisories recommend upgrading to the fixed software releases listed in the Fixed Software section of the primary advisory. The Cisco Security Advisory and a related resource on continued attacks emphasize immediate patching for all affected customers.
This vulnerability appears in the CISA Known Exploited Vulnerabilities Catalog, indicating active real-world exploitation, with Cisco noting ongoing attacks against unpatched devices.
Details
- CWE(s): CWE-862 (Missing Authorization)
- KEV Date Added: 25 September 2025