Partnering With Cisco to Keep You Secure: Addressing CVE-2025-20363 & CVE-2025-20333

At Network Solutions Inc., we take your cybersecurity seriously. Recently, Cisco disclosed two high-severity vulnerabilities—CVE-2025-20363 and CVE-2025-20333—which affect its firewall, VPN, and network appliance lines. Given the critical nature of these flaws and their potential impact, we want to provide context, underscore why patching is essential, and reaffirm our commitment to helping you stay secure.

Vulnerability Summaries

CVE-2025-20363

• This is a vulnerability in the web services component across multiple Cisco platforms: Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, and Cisco IOS / IOS XE / IOS XR software. 
• On ASA / FTD, the vulnerability allows an unauthenticated, remote attacker to execute arbitrary code by sending crafted HTTP requests to the vulnerable web services interface. 
• For IOS, IOS XE, and IOS XR platforms, the exploit requires authentication (a lower-privileged account) but still allows for arbitrary code execution under certain conditions. 
• Cisco has assigned a CVSS v3.1 base score of 9.0 to this vulnerability, reflecting its high severity. 
• Cisco’s PSIRT has confirmed attempted exploitation of this vulnerability. 
• The risk is significant: successful exploitation could allow attackers to compromise devices, inject malicious payloads, exfiltrate sensitive data, or pivot deeper into internal networks. 

CVE-2025-20333

• This is a vulnerability in the VPN web server module of Cisco Secure Firewall ASA and FTD software. 
• It results from improper input validation of user-supplied HTTP(S) requests to the VPN web server. 
• An authenticated remote attacker (i.e., one who has valid VPN credentials) can exploit this flaw by sending malformed HTTP(S) requests, triggering a buffer overflow, and achieving arbitrary code execution at the root privilege level. 
• Because this module is often enabled in common deployments (for remote access and site-to-site VPNs), the attack surface is nontrivial. 
• Cisco rates CVE-2025-20333 as critical with a CVSS v3.1 score of 9.9 (i.e. very high impact). 
• There are no known workarounds for this vulnerability; the only reliable mitigation is to install Cisco’s fixed software release. 
• Further, this vulnerability is actively being exploited in the wild as part of sophisticated campaigns targeting Cisco firewall and VPN infrastructure. 
• Cisco has published supporting resources (e.g. detection guidance and collateral) to help customers identify compromised devices and take action. 

Relationship & Threat Context

• Cisco also disclosed CVE-2025-20362 (a lower-severity authorization bypass issue in the VPN web server) in the same advisory batch. 
• In many real-world attack scenarios, adversaries may chain these vulnerabilities (e.g. CVE-20333 + CVE-20362) to deepen control and persistence on compromised devices. 
• The threat actor behind exploit activity has been linked to UAT4356 / Storm-1849 (also known from the ArcaneDoor campaign). 
• Given the broad deployment of Cisco ASA and FTD platforms in enterprise, government, and critical infrastructure networks, there is serious risk to data confidentiality, integrity, and operational continuity. 
• U.S. authorities are strongly involved: CISA has added CVE-2025-20333 to its Known Exploited Vulnerabilities catalog and issued Emergency Directive ED 25-03, mandating swift mitigation by federal agencies. 
• Multiple reports estimate that tens of thousands of Cisco ASA / FTD devices remain exposed and unpatched. 

Implications & Urgency

Given the nature and severity of these vulnerabilities:

• Exploitation can lead to full device compromise — giving attackers root-level execution and complete control.
• Even as part of a larger chain, these flaws can enable lateral movement, data exfiltration, or persistent footholds in sensitive environments.
• Because there are no reliable workarounds, patching is the only sound mitigation.
• The fact that adversaries are already exploiting at least some of these bugs in the wild elevates urgency to a critical level.
• Unpatched devices represent a live, high-value target for advanced threat actors, and delay increases exposure risk.

Cisco’s prompt disclosure, detailed advisory materials, and release of fixed versions are part of their proactive security posture. Their approach underscores their commitment to transparency, responsible disclosure, and supporting customers through incident mitigation.

Our Commitment to Helping You

At Network Solutions Inc., we stand ready to partner with customers at every stage of mitigation:

• Assessment & Discovery – We will help you inventory affected devices, confirm whether vulnerable features (like VPN web services) are enabled, and map your exposure.
• Patch Planning & Deployment – We assist in scheduling, testing, and rolling out the requisite firmware or software upgrades to remediate CVE-2025-20363 and CVE-2025-20333.
• Detection & Forensics – Using Cisco’s detection guidance and industry best practices, we can help you review logs, surface anomalies, and validate whether you may already have been impacted.
• Hardening & Future Protection – Beyond patching, we can help you architect resilience into your network: segmentation, least privilege, endpoint protection, faster update cycles, and threat monitoring.
• Ongoing Advisory – As Cisco continues to refine detections, publish updates, or release consecutive advisories, we will collaborate with you to stay current and resilient.

We encourage all customers to act immediately. The window for safe delay is very narrow.

Reach Out — Let’s Plan Together

If you are an existing customer, please contact your account manager or designated security liaison now to schedule a vulnerability review and remediation plan.

If you are not yet working with us, we invite you to reach out to Network Solutions Inc. — we’re ready to help you plan a secure path forward, patch critical vulnerabilities, and harden your defenses against future threats. Your protection is our priority.

Together — with Cisco’s leadership in disclosure and our hands-on service — we can respond decisively and strengthen your security posture.