
Cisco Warns of Two Zero-Day Vulnerabilities in ASA and FTD Software, One Critical (CVE-2025-20333)
Cisco has issued an urgent advisory regarding two zero-day vulnerabilities affecting its Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software. These vulnerabilities are being actively exploited in the wild, posing a significant risk to organizations using these products.

One of the vulnerabilities has been assigned CVE-2025-20333 and has a CVSS score of 9.9, indicating critical severity. The vulnerability is due to incorrect validation of user-supplied input. Details about the second vulnerability are not provided in the initial report.

Given the critical nature of these vulnerabilities and their active exploitation, Cisco is urging customers to apply patches immediately. Organizations should prioritize identifying affected systems and applying the necessary updates to mitigate the risk of exploitation. This incident underscores the importance of maintaining a robust vulnerability management program capable of rapid response to emerging threats. Regular patching and comprehensive monitoring are essential practices to defend against such threats.