- 50,000 CISCO firewalls vulnerable to Actively used CVE-2025-20333 and 20362 defects.
- Cisco and Cisa urge immediate fixes; No bypass available for ASA / FTD devices affected
- Shadowserver found 48.8K IPS not corrected; The most affected countries include the United States, the United Kingdom and Germany
About 50,000 CISCO firewalls connected to the Internet are vulnerable to two actively exploited defects, granting threat stakeholders the execution of the non-authenticated unsettlement code (RCE), as well as total control of compromise devices.
Cisco has recently published fixes for CVE-2025-20333 and CVE-2025-20362, two bugs afflicting its adaptive safety (ASA) and fire threat (FTD) security solutions.
The first is a vulnerability of buffer overflow with a 9.9 / 10 (critical) severity score, while the second is a lack of a missing authorization with a gravity score of 6.5 / 10 (medium).
The most affected United States
In the notice of security, Cisco urged customers to apply the patch as soon as possible, declaring that it was aware of the “attempted exploitation” in the wild.
“Cisco continues to strongly recommend that customers go to a fixed version of the software to correct this vulnerability,” he said.
At the same time, the Shadowserver Foundation, a global non -profit cybersecurity data organization, shared on X until September 30, there are nearly 50,000 termination points exposed:
“Attention! CISCO ASA / FTD CVE-2025-20333 & CVE-2025-20362 Incidents: We now share the daily instances of Cisco Asa / FTD in our vulnerable HTTP report. Over 48.8.8K IPS not corrected found on 2025-09-29. At the time of the press, the United States had 19,610 cases exposed, followed by the United Kingdom with 2,834 and Germany with 2,392.
Currently, the best way to mitigate the threat is to apply the patch, especially since there is no bypass. Bleeping Compompute The temporary hardening steps reported could include the restriction of exposure to the VPN web interface, and the increase in the operation and monitoring of suspect VPN connections and designed HTTP requests.
The American Cybersecurity and Infrastructure Safety Agency (CISA) recently urged government agencies to tackle these two faults, saying that they were actively exploited.
According to emergency directive 25-03, published on September 25, 2025, the CISA said that there was a “widespread” attack campaign targeting Cisco adaptive devices and firewall aircraft.
Via Bleeping Compompute
