Critical Cisco Vulnerability Let Remote Attackers Execute Arbitrary Code on Firewalls and Routers

Cybersecurity: Cisco Vulnerability Alert

Cisco has disclosed a critical remote code execution vulnerability in the web services of several of its operating systems. Tracked as CVE-2025-20363 and classified as CWE-122 (heap-based buffer overflow), it carries a CVSS 3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). Affected software includes Secure Firewall ASA, Secure Firewall FTD, IOS, IOS XE, and IOS XR.

Cisco Input Validation Flaw (CVE-2025-20363)

The flaw stems from improper validation of user-supplied input in HTTP requests. An attacker who sends crafted HTTP requests to the affected web service can trigger it and execute arbitrary code as root on the device.

On Secure Firewall ASA and FTD the attack requires no authentication. On IOS, IOS XE and IOS XR the attacker must first hold valid low-privileged credentials on the device.

The vulnerable service listens on the SSL/TLS or HTTP port only when a feature that uses it is enabled: webvpn or AnyConnect SSL VPN on ASA and FTD, or the HTTP server on the IOS variants. Successful exploitation gives full control of the device.

The vulnerability was discovered by Keane O’Kelley of Cisco ASIG, with advisory coordination by ASD, CSE, NCSC, and CISA.

Affected hardware spans the whole ASA line (5500-X, ASAv, Firepower 1000/2100/4100/9000 and Secure Firewall 1200/3100/4200 Series), all FTD platforms, IOS routers with SSL VPN enabled, IOS XE routers, and the ASR 9001 running 32-bit IOS XR with the HTTP server enabled.

There are no workarounds. The only remediation is to upgrade to a fixed software release, as listed in the Cisco advisory.

Risk Assessment

Affected Products: Cisco Secure Firewall ASA and FTD Software; Cisco IOS and IOS XE Software; Cisco IOS XR Software (32-bit, on the ASR 9001 with the HTTP server enabled)
Impact: Remote code execution as root (unauthenticated on ASA and FTD; low-privileged authenticated on IOS, IOS XE and IOS XR)
Exploit Prerequisites: SSL VPN (webvpn) or AnyConnect SSL VPN enabled on ASA/FTD; HTTP server (or SSL VPN) enabled on IOS, IOS XE and 32-bit IOS XR
CVSS 3.1 Score: 9.0 (Critical)

Cisco recommends the Cisco Software Checker to identify vulnerable releases and the earliest fixed release for each train. In parallel, administrators should audit device configurations to establish whether SSL VPN or the HTTP server is actually enabled, since that is what exposes the vulnerable service.

For ASA/FTD, check the webvpn configuration for an enabled interface and for AnyConnect SSL VPN. For IOS XR, run uname -s distinguishes the two builds: a device that returns Linux is running the 64-bit IOS XR build, which is not in scope; only 32-bit IOS XR on the ASR 9001 is affected, and then only with the HTTP server enabled, which can be turned off with no http server. Cisco PSIRT is not aware of any exploitation in the wild at the time of writing.
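The configuration audit above is easy to do by hand for one box and tedious across a fleet. Below is an added example, not Cisco's tooling and not from the advisory, that scans saved running-configs for the listeners the advisory names: the webvpn / AnyConnect SSL VPN listener on ASA and FTD, the HTTP server or an in-service SSL VPN gateway on IOS and IOS XE, and the HTTP server on 32-bit IOS XR. The three configuration fragments are constructed samples, the platform is passed explicitly rather than detected, and the script deliberately does not look at software versions.

```python
"""Config triage for CVE-2025-20363 exposure.

Added example, not Cisco's code. It reports the configuration lines that
make the vulnerable web service reachable; it does not check the running
software version (use the Cisco Software Checker for that).
"""
import re


def scan_asa(lines):
    """ASA/FTD: report `enable <iface>` and `anyconnect enable` inside the
    top-level `webvpn` block. The indented `webvpn` under a group-policy is
    a different block and is ignored."""
    findings, in_webvpn = [], False
    for line in lines:
        if line.rstrip() == "webvpn":
            in_webvpn = True
            continue
        if not in_webvpn:
            continue
        if not line.startswith(" "):          # left the webvpn block
            in_webvpn = False
            continue
        m = re.match(r"\s+enable\s+(\S+)", line)
        if m:
            findings.append(("ASA/FTD", f"webvpn enabled on {m.group(1)}", line.strip()))
        elif re.match(r"\s+anyconnect\s+enable\b", line):
            findings.append(("ASA/FTD", "AnyConnect SSL VPN enabled", line.strip()))
    return findings


def scan_ios(lines):
    """IOS / IOS XE: `ip http server` / `ip http secure-server`, plus an IOS
    `webvpn gateway` that is `inservice`. Negated lines (`no ip http
    server`) do not match because the patterns are anchored at column 0."""
    findings, gateway = [], None
    for line in lines:
        s = line.rstrip()
        if re.match(r"ip http (secure-)?server$", s):
            findings.append(("IOS/IOS XE", "HTTP server enabled", s))
            continue
        m = re.match(r"webvpn gateway (\S+)$", s)
        if m:
            gateway = m.group(1)
            continue
        if gateway is not None:
            if not s.startswith(" "):         # left the gateway block
                gateway = None
            elif s.strip() == "inservice":
                findings.append(("IOS/IOS XE", f"SSL VPN gateway {gateway} in service", s.strip()))
    return findings


def scan_iosxr(lines):
    """32-bit IOS XR on the ASR 9001: a top-level `http server` line.
    `no http server`, the disable command, is not matched."""
    return [("IOS XR", "HTTP server enabled", l.rstrip())
            for l in lines if re.match(r"http server(\s|$)", l.rstrip())]


SCANNERS = {"asa": scan_asa, "ios": scan_ios, "iosxr": scan_iosxr}


def triage(platform, config_text):
    """Return (platform, exposed_feature, evidence) tuples for one device."""
    return SCANNERS[platform](config_text.splitlines())


# Constructed sample configs (not from any real device).
ASA_CONFIG = """hostname edge-fw
interface GigabitEthernet0/0
 nameif outside
 security-level 0
!
webvpn
 enable outside
 anyconnect image disk0:/anyconnect-linux64.pkg 1
 anyconnect enable
group-policy DfltGrpPolicy attributes
 webvpn
  anyconnect ssl dtls enable
"""

IOS_CONFIG = """hostname branch-rtr
no ip http server
ip http secure-server
!
webvpn gateway SSLVPN-GW
 ip address 192.0.2.1 port 443
 inservice
!
"""

XR_CONFIG = """hostname asr9001-core
http server
!
"""

if __name__ == "__main__":
    for platform, cfg in (("asa", ASA_CONFIG), ("ios", IOS_CONFIG), ("iosxr", XR_CONFIG)):
        for plat, feature, evidence in triage(platform, cfg):
            print(f"{plat:10} {feature:40} <- {evidence}")
```

Any finding means the device exposes a service the advisory names and should go to the front of the upgrade queue. A clean result is not an all-clear on its own: the script only sees the configuration, not the software version, and the advisory states there are no workarounds.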