Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Active Exploitation of Multiple Vulnerabilities in Cisco Products

26 September 2025

Cisco has released security updates addressing multiple vulnerabilities (CVE-2025-20333, CVE-2025-20362, and CVE-2025-20363) in their ASA, FTD and IOS products.

Background

Cisco has released security updates addressing multiple vulnerabilities (CVE-2025-20333, CVE-2025-20362, and CVE-2025-20363) in their Adaptive Security Appliance Software (ASA), Secure Firewall Threat Defense (FTD) and Internetworking Operating System (IOS) products. These vulnerabilities stem from improper validation of user-supplied input in HTTP(S) requests.

Impact

CVE-2025-20333: An authenticated attacker with valid VPN user credentials could exploit this vulnerability to execute arbitrary code as root, resulting in complete compromise of the affected device. This vulnerability has a CVSSv3.1 score of 9.9.

CVE-2025-20362: An unauthenticated attacker could exploit this vulnerability to access restricted URL endpoints that would otherwise require authentication. This vulnerability has a CVSSv3.1 score of 6.5.

CVE-2025-20363: An unauthenticated attacker could exploit this vulnerability to execute arbitrary code as root, resulting in complete compromise of the affected device. For Cisco IOS, IOS XE, and IOS XR Software, authentication is required for exploitation. This vulnerability has a CVSSv3.1 score of 9.0.

Known Exploitation

CVE-2025-20333 and CVE-2025-20362 are reportedly under widespread exploitation in the wild. Cisco notes that these vulnerabilities have been exploited to compromise Cisco ASA 5500-X Series devices with VPN web services enabled, resulting in malware implantation, command execution, and potential data exfiltration.

Administrators of these products are advised to follow Cisco's detailed guidance on detection and recovery steps found here:

Affected Products

The following Cisco ASA and FTD Software versions are affected by these vulnerabilities when running a vulnerable version with one or more vulnerable configurations (IKEv2 Remote Access, Mobile User Security and SSL VPN):

  • Cisco ASA Software releases 9.12 to 9.23x;

  • Cisco FTD Software releases 7.0 to 7.7x; 

CVE-2025-20363 also affects the following products:

  • IOS Software, if the Remote Access SSL VPN feature has been enabled;

  • IOS-XE Software, if the Remote Access SSL VPN feature has been enabled; and

  • IOS-XR Software (32-bit), if running on Cisco ASR 9001 Routers with the HTTP server enabled.

The Cisco Software Checker may be used to determine whether a specific software version is vulnerable.

Mitigation

Administrators of affected Cisco products are advised to update to the latest version immediately.

As a short term measure, administrators can mitigate risk by disabling all SSL/TLS-based VPN web services, such as disabling IKEv2 client services and disabling all SSL VPN services. Please refer to Cisco's guidance here.

Administrators of Cisco Secure Firewall ASA appliances are also advised to review Cisco's guidance on on enabling protections from remote access VPN login authentication attacks, client initiation attacks, and attempts to connect to an invalid VPN service.

Reporting Compromise

Organisations are encouraged to report any compromised Cisco devices to SingCERT at https://www.csa.gov.sg/resources/singcert/cyber-aid.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks

https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices

https://nvd.nist.gov/vuln/detail/CVE-2025-20333

https://nvd.nist.gov/vuln/detail/CVE-2025-20362

https://nvd.nist.gov/vuln/detail/CVE-2025-20363

Back to top