CVE-2025-20362 Cisco CVE debrief

Who should care

Security, infrastructure, and incident-response teams responsible for Cisco Secure Firewall ASA/FTD deployments, especially Internet-facing appliances and remote-access services. Federal civilian agencies should treat this as an immediate compliance and response priority because the item is in CISA KEV.

Technical summary

The supplied corpus identifies the issue as a missing authorization vulnerability in Cisco Secure Firewall ASA and FTD. The source material does not provide CVSS, attack chain details, or reproduction steps, but CISA’s KEV listing confirms the vulnerability is known to be exploited in the wild. The available official references point defenders to Cisco’s advisory and CISA’s ED 25-03 mitigation and hunting instructions.

Defensive priority

Immediate

Recommended defensive actions

• Review Cisco’s official security advisory and apply the vendor’s recommended fixes or mitigations for affected ASA/FTD systems.
• Follow CISA Emergency Directive 25-03 and the linked mitigation instructions without delay.
• Use CISA’s supplemental hunt and core-dump guidance to look for signs of compromise on potentially affected devices.
• Apply the CISA eviction-strategies guidance if compromise is suspected or confirmed.
• If mitigations are not available for a deployment, follow CISA guidance to discontinue use of the product in accordance with applicable policy.

Evidence notes

This debrief is based only on the supplied CISA KEV record and the official links included in the corpus. The corpus confirms the vendor, product family, vulnerability name, KEV date added, due date, and that known ransomware campaign use is listed as unknown. No CVSS score or deeper technical write-up is present in the supplied source material.

Official resources