Question 1

What is CVE-2025-20333 — Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability?

Accepted Answer

Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362.

Question 2

What is the authoritative source for CVE-2025-20333?

Accepted Answer

Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability (CVE-2025-20333) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

Question 3

How severe is CVE-2025-20333?

Accepted Answer

CVE-2025-20333 carries a CRITICAL CVSS 9.9 severity rating. It appears on the CISA Known Exploited Vulnerabilities (KEV) catalog, indicating confirmed in-the-wild exploitation.

CVSS 3.1	9.9 (CRITICAL)
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS	29.20% probability of exploitation · percentile 97.9% · 2026-06-18T12:00:27Z
Published	2025-09-25
Last modified	2025-10-28

CVE-2025-20333Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability

Description

Scoring

CISA KEV entry

Underlying weaknesses· 1

References

1

(incoming)1

Related by meaning· 6