Nearly 50,000 Cisco firewall devices worldwide are currently exposed to significant security risks following the disclosure of three critical vulnerabilities in Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products.
Statistics from the Shadowserver Foundation have highlighted the scale of this problem, revealing that thousands of these devices remain directly accessible via the internet and have yet to receive urgent security patches.
The vulnerabilities, which were publicly announced on September 25, prompted the Cybersecurity and Infrastructure Security Agency (CISA) to issue a rare emergency patching directive, reflecting the severity and potential impact of these flaws.
The United States leads in terms of exposure, with more than 19,000 vulnerable devices identified, outpacing every other country. The United Kingdom follows with over 2,700 exposed units, while Japan, Germany, and Russia also have substantial numbers.
Across Europe, other countries report fewer than 1,000 vulnerable devices each, but the cumulative risk remains global in scope. Shadowserver’s ongoing data collection will track mitigation efforts over the coming weeks, providing insights into how organizations respond to these urgent warnings.
Central to the threat are two particular vulnerabilities, CVE-2025-20362 and CVE-2025-20333, which have already been exploited by a highly sophisticated threat actor. This campaign has successfully targeted and breached several federal agencies along with organizations worldwide.
The nature of these vulnerabilities makes them especially dangerous: both relate to improper validation of HTTPS requests by the affected Cisco firewalls. This weakness could allow attackers to submit malicious requests that effectively bypass authentication controls, leaving affected systems open to compromise.
Specifically, CVE-2025-20362 enables attackers to access restricted VPN-related URLs that should otherwise require strong authentication, while CVE-2025-20333 allows malicious actors to execute arbitrary code with root privileges, dramatically increasing the potential for damaging network intrusions.
In light of these dangers, U.S. federal agencies have been given until the end of Thursday to confirm with CISA that all vulnerable devices have been patched or otherwise mitigated against potential exploitation.
The urgency surrounding these vulnerabilities is underscored by the demonstrated capability of attackers and the ongoing risks to national and organizational cybersecurity worldwide. As real-time data continues to be collected, the response from security teams will be crucial in minimizing exposure and preventing future incidents related to these Cisco firewall flaws.