Pakistan’s National Computer Emergency Response Team (National CERT) has issued a high-priority alert for all organizations using Cisco ASA 5500-X Series and Firepower Threat Defense (FTD) devices. The agency has warned that, if left unpatched, multiple critical vulnerabilities could allow remote attackers to execute arbitrary code and gain lasting access to corporate networks.
The newly discovered flaws, identified as CVE-2025-20333 (CVSS 9.9), CVE-2025-20363 (CVSS 9.0), and CVE-2025-20362 (CVSS 6.5), affect VPN web and HTTP services running on Cisco firewall platforms. According to the advisory, successful exploitation could result in remote code execution, unauthorized access, firmware manipulation, and data theft.
“Attackers could implant malicious firmware or bypass authentication to access restricted endpoints, resulting in loss of system integrity and espionage risks,” the National CERT warned.
Cisco has confirmed that no active exploitation has been detected so far. However, the company has released software updates addressing all affected versions. National CERT cautioned that unpatched systems could remain exposed to persistent backdoor access through compromised ROMMON firmware.
The vulnerabilities impact Cisco ASA Software versions 9.12–9.23x and FTD Software versions 7.0–7.7x. Affected models include 5512-X, 5515-X, 5525-X, 5545-X, 5555-X, and 5585-X, which have already shown signs of compromise in real-world environments.
National CERT strongly urged all organizations to apply Cisco’s fixed releases without delay. Where immediate patching is not possible, it advised disabling SSL/TLS-based VPN web services and IKEv2 client access, limiting network exposure to trusted IPs, and monitoring systems for unusual crashes or configuration changes.
The agency further recommended that users of end-of-life hardware migrate to supported Cisco devices equipped with Secure Boot and Trust Anchor technologies. These measures can help prevent firmware-level persistence and maintain network integrity.
Additionally, administrators have been told to reset device configurations, replace all certificates and passwords, and keep a close watch on VPN and HTTP traffic for anomalies.
“Timely patching is critical to prevent persistent compromise of Cisco ASA firewalls,” the National CERT stated, urging enterprises to incorporate Cisco firewall exploitation scenarios into their threat modeling and incident response planning.