{"id":7220,"date":"2025-09-26T10:03:33","date_gmt":"2025-09-26T10:03:33","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/09\/26\/critical-cisco-vulnerability-let-remote-attackers-execute-arbitrary-code-on-firewalls-and-routers\/"},"modified":"2025-09-26T10:03:33","modified_gmt":"2025-09-26T10:03:33","slug":"critical-cisco-vulnerability-let-remote-attackers-execute-arbitrary-code-on-firewalls-and-routers","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/09\/26\/critical-cisco-vulnerability-let-remote-attackers-execute-arbitrary-code-on-firewalls-and-routers\/","title":{"rendered":"Critical Cisco Vulnerability Let Remote Attackers Execute Arbitrary Code on Firewalls and Routers"},"content":{"rendered":"

Critical Cisco Vulnerability Let Remote Attackers Execute Arbitrary Code on Firewalls and Routers
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Cisco warns of a Critical remote code execution flaw in web services across multiple Cisco platforms.\u00a0 Tracked as CVE-2025-20363 (CWE-122), this vulnerability carries a CVSS 3.1 Base Score of 9.0 (AV:N\/AC:H\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H) and impacts ASA, FTD, IOS, IOS XE, and IOS XR Software.<\/p>\n

Cisco Input Validation Flaw (CVE-2025-20363)<\/strong><\/h2>\n

The flaw stems from improper validation of user-supplied input in HTTP requests. Attackers can craft malicious HTTP packets to bypass exploit mitigations and execute arbitrary shell commands as root.\u00a0<\/p>\n

For Cisco Secure Firewall <\/a>ASA and FTD, no authentication is required; for IOS, IOS XE, and IOS XR, only low-privileged authenticated access is needed.<\/p>\n

Affected services listen on SSL or HTTP ports when features such as webvpn, AnyConnect SSL VPN<\/a>, or the HTTP server are enabled. Example CLI checks:<\/p>\n

\n
\"Critical<\/figure>\n<\/div>\n

Successful exploitation yields a root shell, potentially leading to full device compromise.\u00a0<\/p>\n

Cisco acknowledges Keane O\u2019Kelley of Cisco ASIG for discovering the defect. Coordination with ASD, CSE, NCSC, and CISA contributed to the advisory.<\/p>\n

All ASA Series<\/a> (5500-X, ASAv, Firepower 1000\/2100\/4100\/9000, Secure Firewall 1200\/3100\/4200), FTD platforms, IOS routers with SSL VPN, IOS XE routers, and ASR 9001 running 32-bit IOS XR with HTTP enabled are vulnerable.\u00a0<\/p>\n

No workarounds exist. Customers must upgrade to fixed releases immediately. The advisory provides detailed fixed versions per platform under the Fixed Software section.<\/p>\n

\n\n\n\n\n\n\n\n
Risk Factors<\/strong><\/td>\nDetails<\/strong><\/td>\n<\/tr>\n
Affected Products<\/td>\nCisco Secure Firewall ASA & FTD Software, Cisco IOS Software & IOS XE Software, Cisco IOS XR Software (32-bit on ASR 9001 with HTTP server enabled)<\/td>\n<\/tr>\n
Impact<\/td>\nRemote unauthenticated code execution as root<\/td>\n<\/tr>\n
Exploit Prerequisites<\/td>\nSSL VPN (webvpn) or AnyConnect SSL VPN enabled<\/td>\n<\/tr>\n
CVSS 3.1 Score<\/td>\n9.0 (Critical)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

Cisco recommends<\/a> using the Cisco Software Checker to identify vulnerable releases and the earliest patches. Administrators should audit device configurations to confirm SSL VPN or HTTP server status.\u00a0<\/p>\n

For ASA\/FTD, verify webvpn or AnyConnect SSL VPN settings; for IOS XR, ensure run uname -s returns Linux or disable HTTP via no http server. Cisco PSIRT confirms no active exploitation in the wild.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n

The post Critical Cisco Vulnerability Let Remote Attackers Execute Arbitrary Code on Firewalls and Routers<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Florence Nightingale
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Critical Cisco Vulnerability Let Remote Attackers Execute Arbitrary Code on Firewalls and Routers Cisco warns of a Critical remote code execution flaw in web services across multiple Cisco platforms.\u00a0 Tracked as CVE-2025-20363 (CWE-122), this vulnerability carries a CVSS 3.1 Base Score of 9.0 (AV:N\/AC:H\/PR:N\/UI:N\/S:C\/C:H\/I:H\/A:H) and impacts ASA, FTD, IOS, IOS XE, and IOS XR Software. […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-7220","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7220"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=7220"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7220\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=7220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=7220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=7220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}