DIVD-2025-00039 - Cisco ASA WebVPN Vulnerabilities
| Our reference | DIVD-2025-00039 |
| Case lead | Victor Pasman |
| Author | Davy Aarts |
| Researcher(s) | |
| CVE(s) | |
| Products |
|
| Versions | See Cisco advisory |
| Recommendation | Apply the patches released by Cisco as described in the official advisory. If patching is not possible immediately, restrict or disable WebVPN access until mitigations can be applied. |
| Patch status | Available |
| Workaround | If patching is not immediately possible, consider disabling WebVPN functionality or limiting access to trusted networks only. |
| Status | Open |
| Last modified | 03 Oct 2025 16:00 CEST |
Summary
Cisco has released an advisory addressing multiple vulnerabilities in the Cisco Adaptive Security Appliance (ASA) related to WebVPN functionality. If exploited, these vulnerabilities could allow attackers to bypass authentication mechanisms or execute arbitrary actions within the VPN session, potentially leading to unauthorized access to internal resources.
The vulnerabilities are identified as:
- CVE-2025-20333 – Authentication bypass vulnerability in WebVPN.
- CVE-2025-20362 – Privilege escalation through improper session handling.
- CVE-2025-20363 – Memory handling issue that could result in denial-of-service or remote code execution.
What you can do
- Update immediately: Apply Cisco’s official patches as outlined in the Cisco advisory.
- Mitigate risk: If patching cannot be done right away, disable WebVPN services or restrict them to trusted networks only.
- Monitor your systems: Watch for unusual login attempts, session hijacking indicators, or performance degradation that may point to exploitation.
- Review logs: Inspect VPN logs for signs of abuse or suspicious activity.
What we are doing
We are scanning for Cisco ASA instances exposed to the internet that may be vulnerable to these flaws. We will notify affected parties so they can take appropriate action.
Timeline
| Date | Description |
|---|---|
| 25 Sep 2025 | Case started by DIVD researchers. |
| 24 Sep 2025 | Cisco published security advisory on ASA WebVPN vulnerabilities. |
| 03 Oct 2025 | First batch of notifications are being send |
gantt
title DIVD-2025-00039 - Cisco ASA WebVPN Vulnerabilities
dateFormat YYYY-MM-DD
axisFormat %e %b %Y
section Case
DIVD-2025-00039 - Cisco ASA WebVPN Vulnerabilities (still open) :2025-09-25, 2025-10-17
section Events
Case started by DIVD researchers. : milestone, 2025-09-25, 0d
Cisco published security advisory on ASA WebVPN vulnerabilities. : milestone, 2025-09-24, 0d
First batch of notifications are being send : milestone, 2025-10-03, 0d