Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Cisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362

The Hacker News by The Hacker News
November 6, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Nov 06, 2025Ravie LakshmananZero-Day / Vulnerability

Cisco on Wednesday disclosed that it became aware of a new attack variant that’s designed to target devices running Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software releases that are susceptible to CVE-2025-20333 and CVE-2025-20362.

“This attack can cause unpatched devices to unexpectedly reload, leading to denial-of-service (DoS) conditions,” the company said in an updated advisory, urging customers to apply the updates as soon as possible.

Both vulnerabilities were disclosed in late September 2025, but not before they were exploited as zero-day vulnerabilities in attacks delivering malware such as RayInitiator and LINE VIPER, according to the U.K. National Cyber Security Centre (NCSC).

DFIR Retainer Services

While successful exploitation of CVE-2025-20333 allows an attacker to execute arbitrary code as root using crafted HTTP requests, CVE-2025-20362 makes it possible to access a restricted URL without authentication.

The update comes as Cisco addressed two critical security flaws in Unified Contact Center Express (Unified CCX) that could permit an unauthenticated, remote attacker to upload arbitrary files, bypass authentication, execute arbitrary commands, and elevate privileges to root.

The networking equipment major credited security researcher Jahmel Harris for discovering and reporting the shortcomings. The vulnerabilities are listed below –

  • CVE-2025-20354 (CVSS score: 9.8) – A vulnerability in the Java Remote Method Invocation (RMI) process of Unified CCX that allows an attacker to upload arbitrary files and execute arbitrary commands with root permissions on an affected system.
  • CVE-2025-20358 (CVSS score: 9.4) – A vulnerability in the Contact Center Express (CCX) Editor application of Unified CCX that allows an attacker to bypass authentication and obtain administrative permissions to create arbitrary scripts on the underlying operating system and execute them.

They have been addressed in the following versions –

  • Cisco Unified CCX Release 12.5 SU3 and earlier (Fixed in 12.5 SU3 ES07)
  • Cisco Unified CCX Release 15.0 (Fixed in 15.0 ES01)
CIS Build Kits

In addition to the two vulnerabilities, Cisco has shipped patches for a high-severity DoS bug (CVE-2025-20343, CVSS score: 8.6) in Identity Services Engine (ISE) that could allow an unauthenticated, remote attacker to cause a susceptible device to restart unexpectedly.

“This vulnerability is due to a logic error when processing a RADIUS access request for a MAC address that is already a rejected endpoint,” it said. “An attacker could exploit this vulnerability by sending a specific sequence of multiple crafted RADIUS access request messages to Cisco ISE.”

While there is no evidence that any of the three security flaws have been exploited in the wild, it’s essential that users apply the updates as soon as possible for optimal protection.



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Global Telehealth Market Size to Exceed USD 156.3 Billion by 2035, Rising at 19.15% CAGR | Report by Vantage Market Research

Global Telehealth Market Size to Exceed USD 156.3 Billion by 2035, Rising at 19.15% CAGR | Report by Vantage Market Research

Recommended.

Google DeepMind’s AI Agent Dreams Up Algorithms Beyond Human Expertise

Google DeepMind’s AI Agent Dreams Up Algorithms Beyond Human Expertise

May 14, 2025
Lumen Technologies CEO Kate Johnson On Retreating From Telecom Roots, The AI Opportunity And Being ‘Wickedly Innovative’ With Partners

Lumen Technologies CEO Kate Johnson On Retreating From Telecom Roots, The AI Opportunity And Being ‘Wickedly Innovative’ With Partners

May 7, 2025

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Anaconda Extends AI-Native Application Development With Acquisition

Anaconda Extends AI-Native Application Development With Acquisition

May 1, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026
AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

AT&T Vs. Verizon: How The Country’s Biggest Carriers Fared In Q4 2025

January 30, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio