Cisco firewalls, widely deployed across enterprises for their security infrastructure, are now facing a new wave of attacks exploiting previously identified critical vulnerabilities to launch denial-of-service (DoS) campaigns. This development intensifies concerns surrounding two security flaws for which Cisco released patches in late September. For more information on maintaining network stability, consider reading our related articles.
Initially, attackers leveraged these vulnerabilities to gain full control over affected devices. However, network manufacturer Cisco has recently confirmed a new variant of exploitation, wherein the same security holes are being actively used to trigger firewalls to reload, disrupting critical network services. This escalation underscores the urgent need for organizations to apply available security updates.
The vulnerabilities, identified as CVE-2025-20333 and CVE-2025-20362, reside within Cisco’s Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. These platforms are crucial for the firewall and VPN functionalities of various Cisco network devices.
CVE-2025-20333, boasting a severity score of 9.9 out of 10, allows an attacker with valid VPN credentials to execute arbitrary code as root, potentially leading to a complete compromise of the device. Complementing this, CVE-2025-20362 (rated 6.5) enables an unauthenticated attacker to access remote access VPN URL endpoints that should typically require authentication. The combination of these two flaws permits an unauthenticated remote attacker to achieve full control over a device, a method observed in attacks since late September.
Cisco’s updated security advisories now detail a new attack vector where these combined vulnerabilities are leveraged for denial-of-service attacks. By exploiting these flaws, attackers can force a reload of the firewall, effectively causing a DoS condition. While specific details of these latest attacks remain undisclosed by Cisco, the observed activity highlights the evolving threat landscape. The initial lower severity rating for CVE-2025-20362, particularly given its role in enabling widespread exploitation, has drawn scrutiny from security experts who point to its active use in the wild as a clearer indicator of its critical impact.
The ongoing exploitation of these vulnerabilities, transitioning from full system compromise to disruptive DoS attacks, underscores the critical importance of timely patching and continuous vigilance in maintaining network security infrastructure.