- 50,000 Cisco Firewalls vulnerable to actively exploited RCE ERROR CVE-2025-20333 and 20362
- Cisco and Cisa call for instant lapp; No solutions available to affected ASA/FTD units
- Shadows server found 48.8,000 uncontrolled IPs; Top -Booked Countries Includes USA, UK and Germany
About 50,000 Internet -connected Cisco Firewalls are vulnerable to two actively utilized deficiencies, giving threat actors unauthorized remote code execution (RCE) as well as full control over compromised devices.
Cisco recently released Patches to CVE-2025-20333 and CVE-2025-20362, two bugs that plagued its adaptive security appliance (ASA) and Firewall Threat Defense (FTD) solutions.
The former is a puffer overflow vulnerability with a 9.9/10 (critical) severity, while the latter is a lack of authorization error with a 6.5/10 (medium) severity.
USA most affected
In security advice, Cisco urged customers to use Patchet as soon as possible and said it is aware of “attempts at exploitation” in nature.
“Cisco continues to recommend that customers upgrade to a fixed software release to alleviate this vulnerability,” it said.
At the same time, Shadowserver Foundation, a nonprofit -Global cybersecurity -data organization, shared that from 30 September there are almost 50,000 exposed final points:
“Attention! Cisco ASA/FTD CVE-2025-20333 & CVE-2025-20362 Events: We now share daily vulnerable Cisco ASA/FTD deposits in our vulnerable HTTP reporting. Over 48.8k Unmatched IPs found on 2025-09-29. At the time of the press, the United States had 19,610 exposed cases, followed by the UK with 2,834, and Germany with 2,392.
Right now, the best way to reduce the threat is to apply the patch, especially since there are no solutions. Bleeping computer Reported temporary curing steps could include restriction of VPN -Web Fix an exposure and increased logging and monitoring of suspicious VPN logoins and designed HTTP requests.
US cyber security and infrastructure security agency (CISA) recently called on government agencies to tackle these two shortcomings and claimed they were actively exploited.
Under the Nutout Directive 25-03, published on September 25, 2025, CISA said there is a “widespread” attacking campaign targeting Cisco-adaptive appliances and Firepower Firewall devices.
Via Bleeping computer
