Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362 - The Hacker News

Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362 Ravie LakshmananNov 06, 2025Zero-Day / Vulnerability Cisco on Wednesday disclosed that it became aware of a new attack variant that's designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362. "This attack can cause unpatched devices to unexpectedly reload, leading to denial-of-service (DoS) conditions," the company said in an updated advisory, urging customers to apply the updates as soon as possible. Both vulnerabilities were disclosed in late September 2025, but not before they were exploited as zero-day vulnerabilities in attacks delivering malware such as RayInitiator and LINE VIPER, according to the U.K. National Cyber Security Centre (NCSC). While successful exploitation of CVE-2025-20333 allows an attacker to execute arbitrary code as root using crafted HTTP requests, CVE-2025-20362 makes it possible to access a restricted URL without authentication. The update comes as Cisco addressed two critical security flaws in Unified Contact Center Express (Unified CCX) that could permit an unauthenticated, remote attacker to upload arbitrary files, bypass authentication, execute arbitrary commands, and elevate privileges to root. The networking equipment major credited security researcher Jahmel Harris for discovering and reporting the shortcomings. The vulnerabilities are listed below - CVE-2025-20354 (CVSS score: 9.8) - A vulnerability in the Java Remote Method Invocation (RMI) process of Unified CCX that allows an attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system. CVE-2025-20358 (CVSS score: 9.4) - A vulnerability in the Contact Center Express (CCX) Editor application of Unified CCX that allows an attacker to bypass authentication and obtain administrative permissions to create arbitrary scripts on the underlying operating system and execute them. They have been addressed in the following versions - Cisco Unified CCX Release 12.5 SU3 and earlier (Fixed in 12.5 SU3 ES07) Cisco Unified CCX Release 15.0 (Fixed in 15.0 ES01) In addition to the two vulnerabilities, Cisco has shipped patches for a high-severity DoS bug (CVE-2025-20343, CVSS score: 8.6) in Identity Services Engine (ISE) that could allow an unauthenticated, remote attacker to cause a susceptible device to restart unexpectedly. "This vulnerability is due to a logic error when processing a RADIUS access request for a MAC address that is already a rejected endpoint," it said. "An attacker could exploit this vulnerability by sending a specific sequence of multiple crafted RADIUS access request messages to Cisco ISE." While there is no evidence that any of the three security flaws have been exploited in the wild, it's essential that users apply the updates as soon as possible for optimal protection. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  cisco, cybersecurity, Denial-of-Service, exploit, Firewall, Malware, Vulnerability, zero-day Trending News Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model Open-Source CyberStrikeAI Deployed in AI-Driven FortiGate Attacks Across 55 Countries Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited ClawJacked Flaw Lets Malicious Sites Hijack Local OpenClaw AI Agents via WebSocket APT28 Tied to CVE-2026-21513 MSHTML 0-Day Exploited Before Feb 2026 Patch Tuesday 149 Hacktivist DDoS Attacks Hit 110 Organizations in 16 Countries After Middle East Conflict ThreatsDay Bulletin: DDR5 Bot Scalping, Samsung TV Tracking, Reddit Privacy Fine and More Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer OpenAI Codex Security Scanned 1.2 Million Commits and Found 10,561 High-Severity Issues New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel ⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack and Vibe-Coded Malware Popular Resources Self-Hosted WAF: Block SQLi, XSS, and Bots Before They Reach Your Apps Read CYBER360 2026: From Zero Trust Limits to Data-Centric Security Paths Identity Controls Checklist: Find Missing Protections in Apps 19,053 Confirmed Breaches in 2025 – Key Trends and Predictions for 2026