Severe Cisco Flaw Allows Remote Hackers to Run Any Code on Firewalls and Routers


Cisco Issues Alert Over Critical Remote Code Execution Vulnerability

Cisco has issued a critical advisory for a remote code execution vulnerability affecting several of its platforms. Tracked as CVE-2025-20363 and classified as CWE-122 (heap-based buffer overflow), the flaw carries a CVSS 3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) and affects Cisco Secure Firewall ASA, FTD, IOS, IOS XE, and IOS XR Software. The high attack complexity (AC:H) reflects that an attacker must also defeat the platform's exploit mitigations; the changed scope (S:C) and high impact across confidentiality, integrity, and availability reflect root-level control of the device.

Input Validation Flaw: CVE-2025-20363

The vulnerability stems from improper validation of user-supplied input in HTTP requests. An attacker who sends a crafted HTTP request to the affected web service and overcomes the platform's exploit mitigations can corrupt heap memory and execute arbitrary code with root privileges.

On Cisco Secure Firewall ASA and FTD no authentication is required, so the attacker can be fully remote and unauthenticated. On IOS, IOS XE, and IOS XR the attacker must first hold valid low-privileged credentials on the device.

The affected services listen on the SSL or HTTP ports only when webvpn (SSL VPN), AnyConnect SSL VPN, or the HTTP server is enabled; a device that does not have those features configured does not expose the vulnerable code path over the network. The advisory includes sample CLI commands for confirming the status of each feature on each platform.

Successful exploitation can yield a root shell, possibly leading to a complete compromise of the device.

Cisco credits Keane O'Kelley of Cisco ASIG (Advanced Security Initiatives Group) with discovering the flaw and notes that the advisory was produced in collaboration with the Australian Signals Directorate (ASD), Canada's Communications Security Establishment (CSE), the UK National Cyber Security Centre (NCSC), and CISA.


Affected hardware spans the ASA product line (5500-X, ASAv, Firepower 1000, 2100, 4100 and 9000 Series, and Secure Firewall 1200, 3100 and 4200), all FTD platforms, IOS routers with SSL VPN configured, IOS XE routers, and the ASR 9001 when running 32-bit IOS XR with the HTTP server enabled. Being on this list is not the same as being exposed: the vulnerable service must actually be enabled on the device.

No workarounds are available. Customers are urged to upgrade to designated fixed releases without delay. The advisory delineates specific fixed versions per platform in the Fixed Software section.

Risk factors:
Affected products: Cisco Secure Firewall ASA and FTD Software; Cisco IOS and IOS XE Software; Cisco IOS XR Software (32-bit, on ASR 9001 with the HTTP server enabled)
Impact: Remote code execution as root (unauthenticated on ASA and FTD; requires low-privileged credentials on IOS, IOS XE, and IOS XR)
Exploit prerequisites: SSL VPN (webvpn) or AnyConnect SSL VPN enabled on ASA/FTD, SSL VPN configured on IOS/IOS XE, or HTTP server enabled on 32-bit IOS XR
CVSS 3.1 score: 9.0 (Critical)

Cisco recommends using the Cisco Software Checker to identify vulnerable releases and the earliest fixed release for each platform. Administrators should also review device configurations to determine whether the SSL VPN features or the HTTP server are enabled, since that is what determines whether the vulnerable service is reachable.

On ASA and FTD, check whether webvpn is enabled on any interface or AnyConnect SSL VPN is enabled. On IOS XR, run "uname -s" from the device shell: a result of Linux indicates a 64-bit image, which the advisory does not list as affected, while 32-bit images with the HTTP server enabled are affected. Cisco lists no workaround, but disabling the HTTP server on IOS XR ("no http server") removes the vulnerable service until the upgrade is applied. Cisco PSIRT reports no evidence of exploitation in the wild.
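The configuration review described above can be scripted across a fleet. The following is an added example, not Cisco's code and not from the advisory: it parses the text of "show running-config" and reports, per platform, whether the vulnerable service is reachable and whether an attacker would need credentials. The config snippets are constructed samples, and the stanza names it matches ("webvpn" with "enable <interface>" or "anyconnect enable" on ASA/FTD, "webvpn gateway <name>" with "inservice" on IOS/IOS XE, "http server" on IOS XR) are assumptions about how those features appear in running-config; a no-match result is not proof of safety and must be confirmed with the Cisco Software Checker.

```python
"""Config audit for the CVE-2025-20363 exposure conditions.

Added example, not Cisco's code. Stanza names matched here are
assumptions about running-config syntax; verify on your own platform.
"""
import re
from typing import Optional


def _stanzas(config: str):
    """Yield (top-level command, [indented sub-commands]) pairs.

    Cisco running-config puts each top-level command at column 0 and its
    sub-commands on following lines indented with spaces; '!' separates
    stanzas and is ignored.
    """
    header, body = None, []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            continue
        if line.startswith(" "):
            if header is not None:
                body.append(line.strip())
            continue
        if header is not None:
            yield header, body
        header, body = line, []
    if header is not None:
        yield header, body


def audit(platform: str, config: str, uname_s: Optional[str] = None) -> dict:
    """Return {'exposed': bool, 'needs_auth': bool, 'notes': [...]}.

    platform: 'asa', 'ftd', 'ios', 'iosxe' or 'iosxr'.
    uname_s:  output of `uname -s` from the IOS XR shell. Per the advisory,
              'Linux' means a 64-bit image, which is not listed as affected;
              anything else (or unknown) is treated as 32-bit, conservatively.
    """
    platform = platform.lower()
    if platform not in ("asa", "ftd", "ios", "iosxe", "iosxr"):
        raise ValueError(f"unknown platform {platform!r}")
    exposed = False
    notes = []
    for header, body in _stanzas(config):
        if platform in ("asa", "ftd") and header == "webvpn":
            for sub in body:
                m = re.match(r"enable\s+(\S+)$", sub)
                if m:  # SSL VPN listener bound to an interface
                    exposed = True
                    notes.append(f"webvpn listening on interface {m.group(1)}")
                elif sub == "anyconnect enable":  # treated as exposure, conservatively
                    exposed = True
                    notes.append("AnyConnect SSL VPN enabled")
        elif platform in ("ios", "iosxe") and header.startswith("webvpn gateway "):
            if "inservice" in body:  # gateway defined but not in service is not listening
                exposed = True
                notes.append(f"SSL VPN gateway in service: {header.split()[-1]}")
        elif platform == "iosxr" and header == "http server":
            if uname_s == "Linux":
                notes.append("http server enabled on 64-bit IOS XR: not listed as affected")
            elif uname_s is None:
                exposed = True
                notes.append("http server enabled; run `uname -s` to confirm 32-bit image")
            else:
                exposed = True
                notes.append("http server enabled on 32-bit IOS XR: affected")
    # Per the advisory, ASA/FTD are unauthenticated; the others need a low-privileged account.
    return {"exposed": exposed, "needs_auth": platform not in ("asa", "ftd"), "notes": notes}


# Constructed sample configs (not captured from real devices).
ASA_SAMPLE = """\
hostname fw1
interface GigabitEthernet0/0
 nameif outside
 security-level 0
webvpn
 enable outside
 anyconnect enable
!
"""

IOS_SAMPLE = """\
hostname rtr1
webvpn gateway CORP
 ip address 203.0.113.10 port 443
 inservice
!
"""

IOSXR_SAMPLE = """\
hostname asr9001
http server
!
"""

if __name__ == "__main__":
    for name, plat, cfg, uname in (("fw1", "asa", ASA_SAMPLE, None),
                                   ("rtr1", "ios", IOS_SAMPLE, None),
                                   ("asr9001", "iosxr", IOSXR_SAMPLE, "Linux")):
        result = audit(plat, cfg, uname)
        print(name, plat, "EXPOSED" if result["exposed"] else "not exposed",
              "(auth required)" if result["needs_auth"] else "(unauthenticated)",
              "; ".join(result["notes"]))
```

The audit only answers whether the vulnerable service is reachable and under what conditions; because the advisory lists no workaround, a device flagged as exposed still needs the fixed release, and on IOS XR the "no http server" step only removes the listener in the interim.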

Source link: Cybersecuritynews.com.

Disclosure: This article is for general information only and is based on publicly available sources. We aim for accuracy but can't guarantee it. The views expressed are the author's and may not reflect those of the publication. Some content was created with help from AI and reviewed by a human for clarity and accuracy. We value transparency and encourage readers to verify important details. This article may include affiliate links. If you buy something through them, we may earn a small commission — at no extra cost to you. All information is carefully selected and reviewed to ensure it's helpful and trustworthy.

Reported By

RS Web Solutions
