KB-2352 Information about the Cisco Adaptive Security Appliance vulnerability (CVE-2025-20333 and CVE-2025-20362)

On 25-Sep-2025, Cisco released a security advisory regarding a vulnerability within the VPN web server for their Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) products. On 29-Sep-2025, CISA released an Emergency Directive requiring all federal agencies and contractors to identify and mitigate the vulnerabilities identified in the advisory.

Appian has investigated these vulnerabilities and services and determined that it is not impacted, as we do not use Cisco ASA or FTD services. We will continue to monitor the situation and provide any updates as appropriate.

Additional Notes:

The following CVEs were released with additional information on the scope of the vulnerability:

• CVE-2025-20333 - (Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability)
• CVE-2025-20362 - (Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability)

Supporting Documentation:

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
• https://industrialcyber.co/cisa/cisa-issues-emergency-directive-requiring-federal-agencies-to-mitigate-critical-cisco-asa-zero-day-vulnerabilities/

Affected Versions

This article applies to all supported versions of Appian.

Last reviewed: Sep 29, 2025