Introduction
Remote attackers can gain root access to Cisco network infrastructure by exploiting a critical flaw in web services. CVE-2025-20363 impacts a wide range of Cisco products, exposing enterprise and service provider networks to complete compromise through a single HTTP request.
Cisco is a dominant force in the global networking market, with its ASA, FTD, and IOS platforms forming the backbone of countless enterprise, government, and service provider networks. The company’s products are deployed in millions of environments worldwide, making vulnerabilities in these systems highly impactful for the broader technology ecosystem.
Technical Information
CVE-2025-20363 is a heap-based buffer overflow (CWE-122) in the web services components of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software. The root cause is improper validation of user-supplied input in HTTP requests. When a crafted HTTP request is sent to the affected web service, the software allocates a heap buffer that is too small for the data and then writes attacker-controlled bytes beyond the end of that buffer. The resulting heap corruption can allow the attacker to execute arbitrary code as root.
On Cisco ASA and FTD platforms, the attack can be performed remotely and without authentication. On Cisco IOS, IOS XE, and IOS XR, the attacker must first authenticate with low privileges before sending the malicious HTTP request. Exploitation also requires the attacker to gather additional information about the target system and to bypass exploit mitigations such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). No public proof-of-concept or exploit code is available for this vulnerability.
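To make the mechanism described above concrete, the following C example, added for this write-up and not taken from Cisco or from any real ASA, FTD or IOS component, shows the generic CWE-122 pattern the advisory describes: a parser sizes its heap allocation from a length field supplied in the request but copies based on the bytes actually received, so a request whose header understates its body length writes past the end of the buffer. The hardened form beside it validates the declared length against both a fixed ceiling and the data really present before allocating. The message format, the MAX_BODY ceiling and every function name here are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration (not Cisco code): a toy message format in which a
 * 4-byte big-endian header declares how many body bytes follow.  The header
 * value is attacker-controlled input, in the same way a Content-Length or
 * chunk size in an HTTP request is. */
#define HDR_LEN  4
#define MAX_BODY 64   /* hypothetical upper bound the receiver will buffer */

static uint32_t read_declared_len(const uint8_t *msg) {
    return ((uint32_t)msg[0] << 24) | ((uint32_t)msg[1] << 16) |
           ((uint32_t)msg[2] << 8)  |  (uint32_t)msg[3];
}

/* CWE-122 pattern: the heap buffer is sized from the declared length, but the
 * copy is sized from the bytes actually received.  A message whose header
 * understates the body length makes memcpy write past the end of buf.
 * Returns the number of bytes copied, or -1 on a truncated message. */
int parse_body_vulnerable(const uint8_t *msg, size_t msg_len, uint8_t **out) {
    if (msg_len < HDR_LEN) return -1;
    uint32_t declared = read_declared_len(msg);
    size_t actual = msg_len - HDR_LEN;
    uint8_t *buf = malloc(declared);          /* too small if declared < actual */
    if (buf == NULL) return -1;
    memcpy(buf, msg + HDR_LEN, actual);       /* BUG: unbounded by the allocation */
    *out = buf;
    return (int)actual;
}

/* Hardened form: validate the declared length against both a fixed ceiling and
 * the data actually present, then copy exactly the amount that was allocated. */
int parse_body_safe(const uint8_t *msg, size_t msg_len, uint8_t **out) {
    if (msg_len < HDR_LEN) return -1;
    uint32_t declared = read_declared_len(msg);
    size_t actual = msg_len - HDR_LEN;
    if (declared > MAX_BODY) return -1;       /* refuse to allocate absurd sizes */
    if (declared != actual)  return -1;       /* header must agree with wire data */
    uint8_t *buf = malloc(declared ? declared : 1);
    if (buf == NULL) return -1;
    memcpy(buf, msg + HDR_LEN, declared);     /* bounded by the allocation size */
    *out = buf;
    return (int)declared;
}

/* Self-checks on constructed messages; each returns 1 on pass, 0 on fail. */
int check_safe_accepts_consistent(void) {
    const uint8_t msg[] = {0, 0, 0, 3, 'a', 'b', 'c'};    /* header 3, body 3 */
    uint8_t *out = NULL;
    int n = parse_body_safe(msg, sizeof msg, &out);
    int ok = (n == 3 && out != NULL && memcmp(out, "abc", 3) == 0);
    free(out);
    return ok;
}

int check_safe_rejects_understated_header(void) {
    const uint8_t msg[] = {0, 0, 0, 1, 'a', 'b', 'c'};    /* header 1, body 3 */
    uint8_t *out = NULL;
    return parse_body_safe(msg, sizeof msg, &out) == -1 && out == NULL;
}

int check_safe_rejects_oversized_header(void) {
    const uint8_t msg[] = {0xFF, 0xFF, 0xFF, 0xFF, 'a'};  /* header ~4 GiB, body 1 */
    uint8_t *out = NULL;
    return parse_body_safe(msg, sizeof msg, &out) == -1 && out == NULL;
}

int main(void) {
    printf("consistent accepted:  %d\n", check_safe_accepts_consistent());
    printf("understated rejected: %d\n", check_safe_rejects_understated_header());
    printf("oversized rejected:   %d\n", check_safe_rejects_oversized_header());
    /* parse_body_vulnerable() is deliberately never fed the understated
     * message here: doing so corrupts the heap, which is the defect shown. */
    return 0;
}
```

The fix pattern is the one that matters for code review of any request parser: the bound used for the copy must be the bound used for the allocation, and the attacker-controlled length must be checked against a sane ceiling before memory is allocated at all. Building with `-fsanitize=address` and feeding parse_body_vulnerable() the understated message is a quick way to see this class of defect reported as a heap-buffer-overflow during testing rather than in production.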
Affected Systems and Versions
- Cisco Secure Firewall Adaptive Security Appliance (ASA) Software (specific versions not listed in public sources)
- Cisco Secure Firewall Threat Defense (FTD) Software (specific versions not listed in public sources)
- Cisco IOS Software (specific versions not listed in public sources)
- Cisco IOS XE Software (specific versions not listed in public sources)
- Cisco IOS XR Software (specific versions not listed in public sources)
The vulnerability affects systems where the web services interface is enabled and accessible. On ASA and FTD, exploitation does not require authentication. On IOS, IOS XE, and IOS XR, exploitation requires authenticated access with low privileges.
Vendor Security History
Cisco has experienced several critical vulnerabilities in its network infrastructure products in recent years. Notable related issues include:
- CVE-2025-20263: Buffer overflow in ASA and FTD web services
- CVE-2025-20352: SNMP vulnerability in IOS and IOS XE, known to be exploited in the wild
Cisco typically issues advisories and patches promptly, but the recurrence of memory safety flaws in web services and management interfaces highlights ongoing challenges in secure software engineering for complex network devices.