
[Security Vulnerability Alert] Cisco's firewall system has two critical security vulnerabilities (CVE-2025-20333 and CVE-2025-20363)

Type: Administrative Announcement
Publish Date: 2025/09/30 to 2026/03/30

Forwarded by Taiwan Computer Emergency Readiness/Response Team (TWCERT/CC) - TWCERTCC-200-202509-00000015

[Description]
【CVE-2025-20333】A critical security vulnerability (CVE-2025-20333, CVSS: 9.9) exists in the VPN web server of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD). This vulnerability stems from improper validation of user input in HTTP(S) requests. An authenticated remote attacker with valid VPN user credentials can exploit this vulnerability by sending a specially crafted HTTP request, which allows execution of arbitrary code as root on the affected device.

【CVE-2025-20363】A critical security vulnerability (CVE-2025-20363, CVSS: 9.0) exists in the web services of Cisco Adaptive Security Appliance (ASA), Cisco Firepower Threat Defense (FTD) software, Cisco IOS software, Cisco IOS XE software, and Cisco IOS XR software. This vulnerability stems from improper validation of user input in HTTP requests. An attacker can send a specially crafted HTTP request to the web service of the affected device, allowing them to execute arbitrary code as root, potentially causing a denial of service on the affected device.

[Affected Platforms]
1. Check the affected versions listed in the official advisory to determine whether your device is affected: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

2. Check the affected versions listed in the official advisory to determine whether your device is affected: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O

[Recommended Actions]
Apply the patch according to the solution provided on the official website: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB

[References]
1. https://www.twcert.org.tw/tw/cp-169-10411-12ff4-1.html
