Cisco disclosed that it has become aware of a new attack variant targeting devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. These devices are susceptible to two vulnerabilities, CVE-2025-20333 and CVE-2025-20362.
New Denial of Service Attack
Cisco updated its advisory, stating this attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions. The company is urging customers to apply the available updates immediately.
Both flaws were originally disclosed in late September 2025, but only after they had already been exploited as zero-day vulnerabilities in attacks delivering malware such as RayInitiator and LINE VIPER, according to the U.K. National Cyber Security Centre (NCSC). Successful exploitation of CVE-2025-20333 allows an attacker to execute arbitrary code as root using crafted HTTP requests. Meanwhile, CVE-2025-20362 makes it possible to access a restricted URL without authentication.
Critical Flaws in Unified CCX
Cisco also addressed two critical security flaws in its Unified Contact Center Express (Unified CCX) that could allow an unauthenticated, remote attacker to upload arbitrary files, bypass authentication, execute arbitrary commands, and elevate privileges to root.
The networking equipment major credited security researcher Jahmel Harris for discovering and reporting these shortcomings. The vulnerabilities are:
- CVE-2025-20354 (CVSS score: 9.8) A vulnerability in the Java Remote Method Invocation (RMI) process of Unified CCX allows an attacker to upload arbitrary files and execute arbitrary commands with root permissions.
- CVE-2025-20358 (CVSS score: 9.4) A flaw in the CCX Editor application allows an attacker to bypass authentication and obtain administrative permissions to create and execute arbitrary scripts on the underlying operating system.
These vulnerabilities have been addressed in Cisco Unified CCX Release 12.5 SU3 ES07 and Release 15.0 ES01.
High-Severity Bug in ISE
In addition to the two critical vulnerabilities, Cisco shipped patches for a high severity DoS bug (CVE-2025-20343, CVSS score: 8.6) in Identity Services Engine (ISE). This flaw could allow an unauthenticated, remote attacker to cause a susceptible device to restart unexpectedly. This
vulnerability is due to a logic error when processing a RADIUS access request for a MAC address that is already a rejected endpoint. An attacker could exploit this by sending a specific sequence of multiple crafted RADIUS access request messages to Cisco ISE.
While there is no evidence that any of the three security flaws have been exploited in the wild, it is essential that users apply the updates as soon as possible for optimal protection.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
