Published

October 2, 2025

Cisco Security Advisory: Critical Vulnerabilities You Need to Know About

Cisco disclosed two critical ASA and FTD security flaws on Sept 25, 2025. Learn what’s impacted, why it matters, and how to protect your systems.

About the Author

Justin Knash

Chief Technology Officer at X-Centric

As CTO at X-Centric IT Solutions, Justin leads cloud, security, and infrastructure practice with over 20 years of technology expertise.

On September 25, 2025, at 16:00 GMT, Cisco disclosed two new critical vulnerabilities affecting Cisco ASA (Adaptive Security Appliance) and Firepower Threat Defense (FTD). Both flaws could allow attackers to run malicious code or gain unauthorized access. 

These issues carry a Critical rating, and Cisco has confirmed that attempted exploitation is already underway. Organizations relying on ASA or FTD should treat this as a high-priority incident. 

Affected Cisco Products 

Cisco has confirmed that multiple Cisco software families are impacted. The most urgent risks involve firewalls, VPN services, and devices running web services. 

1. Cisco ASA & Firepower Threat Defense (FTD) — WebVPN Vulnerability (CVE-2025-20359) 

  • What it is: A flaw in the WebVPN service of ASA and FTD. 

  • Exploitation conditions: Only affects systems with WebVPN enabled. Attackers can exploit this remotely without authentication. 

  • Impact: Successful exploitation could allow denial of service or execution of attacker-controlled code. 

  • Fixed versions: Cisco has released patched versions for ASA and FTD software. Customers should use the Cisco Software Checker to verify their running version and the earliest safe release. 

 

2. Cisco ASA HTTP Component — HTTP Code Execution Vulnerability (CVE-2025-20358) 

  • What it is: A flaw in the HTTP/HTTPS management interface of ASA devices. 

  • Exploitation conditions: The ASA HTTP server feature must be enabled. Attacks are unauthenticated and remote. 

  • Impact: Could allow full remote code execution on the firewall. 

  • Mitigation: If patching cannot occur immediately, Cisco recommends disabling the HTTP server until upgrades are applied. 

3. Additional Cisco Platforms Impacted

Beyond ASA and FTD, Cisco has confirmed similar risks in:

  • Cisco IOS Software (classic router/switch OS) 

  • Cisco IOS XE Software (enterprise routers and switches) 

  • Cisco IOS XR Software (carrier-grade routers) 

On these systems, the flaws affect the web services interface. Exploitation requires an attacker to already have valid low-privilege credentials. Even so, the risk is significant, and patching is required. 

These products are widely deployed in enterprise firewalls and VPN infrastructures, significantly increasing the potential attack surface. 

Why The Security Alert Matters 

A successful attack could allow adversaries to: 

  • Take control of affected devices. 

  • Bypass firewalls and VPN protections. 

  • Move laterally into business-critical networks. 

  • Disrupt ERP, production, and other core operations. 

Cisco Product Security Incident Response Team (PSIRT) has already observed exploitation attempts in the wild, which means attackers are actively testing these flaws. 

“Exploitation attempts have already been observed in the wild, which means attackers are actively looking for unpatched systems.” 

 

What You Should Do 

Cisco’s guidance is clear: upgrading to the fixed software release is the only reliable way to remediate these vulnerabilities. There are no permanent workarounds. 

In plain terms, here’s what IT teams should focus on: 

  • Upgrade without delay. Apply the fixed software releases provided by Cisco. 

  • Use the Cisco Software Checker. It confirms whether your ASA, FTD, FMC, IOS, IOS XE, or IOS XR release is affected and shows the earliest safe version.

  • Disable risky features temporarily. If patching isn’t immediate, disable WebVPN and HTTP services until updates can be applied. 

  • Review configurations. After patching, Cisco recommends enabling Threat Detection for VPN services to guard against login-based and connection-based attacks. 

  • Stay alert. Monitor logs and network traffic closely. Since active exploitation has already been observed, assume your perimeter may be probed.
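
One way to check a saved ASA running-config for the two feature conditions named above (WebVPN enabled on an interface, HTTP server enabled) and list the interim steps for a device that cannot be upgraded yet. This is an added example, not code from Cisco or from the original post; the sample config is constructed and the function names are hypothetical.

```python
import re

# Constructed sample running-config for illustration; not from a real device.
SAMPLE_CONFIG = """\
hostname edge-fw-01
http server enable 8443
http 10.0.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
!
group-policy GP1 attributes
 webvpn
  anyconnect keep-installer installed
!
webvpn
 enable outside
 anyconnect enable
!
"""

# IPv4 "http <network> <mask> <interface>" lines list who may reach the HTTP server.
HTTP_ACCESS = re.compile(r"^http (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")
WEBVPN_ENABLE = re.compile(r"^ enable (\S+)")


def audit_asa_config(text):
    """Flag the two feature conditions the advisory names: WebVPN and the HTTP server."""
    result = {"http_server": False, "http_access": [], "webvpn_interfaces": []}
    section = None  # most recent top-level (unindented) config line
    for line in text.splitlines():
        line = line.rstrip()
        if not line.startswith(" "):
            section = line
        if re.match(r"^http server enable( \d+)?$", line):
            result["http_server"] = True
        elif (m := HTTP_ACCESS.match(line)):
            result["http_access"].append(m.groups())
        # Only the global webvpn block counts, not the group-policy sub-mode.
        elif section == "webvpn" and (m := WEBVPN_ENABLE.match(line)):
            result["webvpn_interfaces"].append(m.group(1))
    return result


def interim_mitigations(result):
    """Config lines that disable the exposed features until the upgrade is applied."""
    steps = []
    if result["webvpn_interfaces"]:
        steps.append("webvpn")
        steps += [f" no enable {name}" for name in result["webvpn_interfaces"]]
    if result["http_server"]:
        steps.append("no http server enable")
    return steps
```

Run `audit_asa_config` over each exported config to rank devices for patching; the `http_access` entries show which interfaces and source networks can reach the management server.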

If your team needs help assessing which versions you’re running or planning a safe upgrade, the X-Centric cybersecurity team is available to assist. 

How X-Centric Can Help 

Our team is already working with clients on urgent Cisco patching. 

Incidents like this show how quickly vulnerabilities can turn into real risks. Patching is critical, but so is having the right safeguards in place to catch issues early.

At X-Centric, we can help you: 

  • Review your Cisco environment to confirm exposure. 

  • Support patching and configuration updates. 

  • Monitor logs for suspicious activity. 

For organizations seeking ongoing protection, we also offer cybersecurity solutions and managed services that include 24/7 monitoring. These services help identify problems before they escalate and keep your systems and data safe.

👉 If you’d like a second set of eyes on your environment, our team is here to help. 

📧 info@x-centric.com | ☎️ (262) 320-4477 

Further Learning & Best Practices 

Security alerts like this demonstrate that patching alone is insufficient; you also need to reassess how your access and infrastructure are designed and implemented. 

To help you gain a broader understanding of cloud security, here are two essential reads:

Why Your Company Should Consider Using Passwordless Logins — explains how passwordless logins can reduce risk in VPN, remote access, and hybrid setups.

© 2025 X-Centric IT Solutions. All Rights Reserved
