Published On: Sep 29, 2025 15:01
Advisory No: TZCERT-SA-25-0108
Source: Cisco
Software Affected: Cisco Secure Firewall Adaptive Security Appliance Software, Secure Firewall Threat Defense Software, IOS Software, IOS XE Software, and IOS XR Software Web Services
Cisco Secure Firewall software and Cisco IOS software are affected by critical vulnerabilities. The vulnerabilities could allow a remote attacker to execute arbitrary code on the affected device.
Cisco Secure Firewall Adaptive Security Appliance Software, Secure Firewall Threat Defense Software, IOS Software, IOS XE Software, and IOS XR Software Web Services are affected by critical vulnerabilities tracked as CVE-2025-20333 and CVE-2025-20363, with CVSS base scores of 9.9 and 9.0, respectively. These vulnerabilities result from improper validation of user-supplied input in HTTP(S) requests. Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.
Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.
Cisco has released patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.