Home Innovation Cisco Close to 50,000 Cisco Devices ...

Close to 50,000 Cisco Devices Vulnerable to Critical Remote Exploits

Cisco

Business Honor
08 October, 2025

Hackers exploiting severe vulnerabilities in Cisco ASA and FTD devices; prompt patches and monitoring needed.

Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances face a high risk threat, with close to 50,000 vulnerable exposed appliances facing two severe vulnerabilities currently being exploited by hackers. The vulnerabilities, labeled CVE-2025-20333 and CVE-2025-20362, enable remote attackers to run arbitrary code and access restricted VPN endpoints unauthorized. The danger posed by these vulnerabilities is that they can be used to exploit the devices without being prompted to authenticate first, putting organizations globally at huge risk.

The vulnerabilities were initially disclosed, with advisories highlighting their active exploitation in attacks that began before patches were available. It was stated that no workarounds exist for these issues, although temporary mitigation measures include restricting VPN web interfaces and increasing monitoring for suspicious activities. The Shadowserver Foundation, a threat monitoring service, reported that over 48,800 ASA and FTD devices remain vulnerable to these flaws, with most located in the United States, followed by the U.K., Japan, and other countries. Despite previous warnings, these vulnerabilities continue to be exploited, highlighting the urgent need for prompt remediation.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an emergency directive calling for all federal agencies to discover and address impacted Cisco devices within 24 hours. Agencies should also disconnect ASA devices that have reached their end of support (EoS) from networks at once. The U.K.'s National Cyber Security Centre (NCSC) has also confirmed that hackers are using shellcode loader malware and bootkits like 'Line Viper' and 'RayInitiator' as part of their attacks. With the criticality of these exploits, network administrators are seriously advised to implement Cisco's recommended patches and mitigate the vulnerabilities at the earliest to prevent further compromise. This persistent threat highlights the utmost importance of timely patching and active monitoring in cybersecurity.