Around 50,000 Cisco firewalls are vulnerable to attack, so patch now
Hackers are already targeting Cisco firewalls, experts warn

- 50,000 Cisco firewalls vulnerable to actively exploited RCE flaws CVE-2025-20333 and CVE-2025-20362
- Cisco and CISA urge immediate patching; no workarounds available for affected ASA/FTD devices
- Shadowserver found 48.8K unpatched IPs; top affected countries include USA, UK, and Germany
Around 50,000 internet-connected Cisco firewalls are vulnerable to two actively exploited flaws, granting threat actors unauthenticated remote code execution (RCE), as well as full control over compromised devices.
Cisco recently released patches for CVE-2025-20333 and CVE-2025-20362, two bugs plaguing its Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) solutions.
The former is a buffer overflow vulnerability with a 9.9/10 (critical) severity score, while the latter is a missing authorization flaw with a 6.5/10 (medium) severity score.
USA most affected
In the security advisory, Cisco urged customers to apply the patch as soon as possible, stating that it is aware of “attempted exploitation” in the wild.
“Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate this vulnerability,” it said.
At the same time, The Shadowserver Foundation, a nonprofit global cybersecurity data organization, shared on X that as of September 30, there are almost 50,000 exposed endpoints:
“Attention! Cisco ASA/FTD CVE-2025-20333 & CVE-2025-20362 incidents: we are now sharing daily vulnerable Cisco ASA/FTD instances in our Vulnerable HTTP reporting. Over 48.8K unpatched IPs found on 2025-09-29. Top affected: USA,” the tweet reads. At press time, the US had 19,610 exposed instances, followed by the UK with 2,834, and Germany with 2,392.
Right now, the best way to mitigate the threat is to apply the patch, especially since there are no workarounds. BleepingComputer reported temporary hardening steps could include restricting VPN web interface exposure, and increasing logging and monitoring for suspicious VPN logins and crafted HTTP requests.
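The monitoring step above (watching for suspicious VPN logins while the patch is rolled out) can be illustrated with a small log triage script. The following is an added example, not code from the article, Cisco or BleepingComputer: it parses syslog lines in the shape of ASA authentication messages (message IDs 113005 for a rejected AAA login and 605005 for a permitted login; the exact field layout here is an approximation) and flags a source IP that racks up repeated failures, and especially one that then succeeds. The sample lines are constructed for the example and the threshold of five failures is an arbitrary assumption.

```python
import re
from collections import Counter, defaultdict

# --- Constructed sample input (illustrative only, not captured from a device) ---

def _rejected(user, ip):
    # Approximates %ASA-6-113005 (AAA authentication rejected)
    return (f"%ASA-6-113005: AAA user authentication Rejected : reason = Invalid password "
            f": server = 10.0.0.5 : user = {user} : user IP = {ip}")

def _permitted(user, ip, port):
    # Approximates %ASA-6-605005 (login permitted)
    return (f"%ASA-6-605005: Login permitted from {ip}/{port} to outside:198.51.100.1/https "
            f'for user "{user}"')

SAMPLE_LOGS = (
    # one source cycles through several usernames, then gets in as "admin"
    [_rejected(u, "203.0.113.7") for u in ("alice", "bob", "admin", "admin", "admin", "root")]
    + [_permitted("admin", "203.0.113.7", 51234)]
    # a normal user who mistypes a password once and then logs in
    + [_rejected("carol", "198.51.100.23")]
    + [_permitted("carol", "198.51.100.23", 40211)]
)

# --- Parsing ---

REJECT_RE = re.compile(r"%ASA-\d-113005: .*user = (?P<user>\S+) : user IP = (?P<ip>[\d.]+)")
PERMIT_RE = re.compile(r'%ASA-\d-605005: Login permitted from (?P<ip>[\d.]+)/\d+ .* for user "(?P<user>[^"]+)"')


def flag_suspicious_vpn_logins(lines, failure_threshold=5):
    """Return a list of alert dicts for source IPs with a burst of failed
    logins, plus a second alert when such an IP later logs in successfully.
    The threshold is an assumed tuning value, not a Cisco recommendation."""
    failures = Counter()            # ip -> number of rejected logins
    users_tried = defaultdict(set)  # ip -> usernames attempted
    permitted = defaultdict(list)   # ip -> usernames that logged in

    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            failures[m.group("ip")] += 1
            users_tried[m.group("ip")].add(m.group("user"))
            continue
        m = PERMIT_RE.search(line)
        if m:
            permitted[m.group("ip")].append(m.group("user"))

    alerts = []
    for ip in sorted(failures):
        n = failures[ip]
        if n < failure_threshold:
            continue
        alerts.append({"type": "auth_failure_burst", "ip": ip,
                       "failures": n, "users_tried": sorted(users_tried[ip])})
        # A success following a burst of failures is the case worth paging on
        for user in permitted.get(ip, []):
            alerts.append({"type": "success_after_failures", "ip": ip, "user": user})
    return alerts


if __name__ == "__main__":
    for alert in flag_suspicious_vpn_logins(SAMPLE_LOGS):
        print(alert)
```

Feeding the script a real syslog export would require adjusting the two regular expressions to the exact message format the device emits; the point of the example is the logic, namely counting rejections per source and treating a success after a burst as the highest-priority event.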
The US Cybersecurity and Infrastructure Security Agency (CISA) recently urged government agencies to address these two flaws, claiming they were being actively exploited.
As per Emergency Directive 25-03, published on September 25, 2025, CISA said there is a “widespread” attack campaign targeting Cisco Adaptive Security Appliance (ASA) and Firepower firewall devices.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.