https://community.appian.com/support/w/kb/3712/kb-2352-information-about-the-cisco-adaptive-security-appliance-vulnerability-cve-2025-20333-and-cve-2025-20362en-USTelligent Community 12https://community.appian.com/support/w/kb/3712/kb-2352-information-about-the-cisco-adaptive-security-appliance-vulnerability-cve-2025-20333-and-cve-2025-20362Tue, 30 Sep 2025 18:05:54 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:871ec260-a925-4913-bb17-bd54a366b802pauline.delacruzhttps://community.appian.com/support/w/kb/3712/kb-2352-information-about-the-cisco-adaptive-security-appliance-vulnerability-cve-2025-20333-and-cve-2025-20362#commentsCurrent Revision posted to Appian Knowledge Base by pauline.delacruz on 9/30/2025 6:05:54 PM<br /> <p><span style="font-weight:400;">On 25-Sep-2025, Cisco released a </span><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB"><span style="font-weight:400;">security advisory</span></a><span style="font-weight:400;"> regarding a vulnerability within the VPN web server for their Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) products. On 29-Sep-2025, CISA released an </span><a href="https://industrialcyber.co/cisa/cisa-issues-emergency-directive-requiring-federal-agencies-to-mitigate-critical-cisco-asa-zero-day-vulnerabilities/"><span style="font-weight:400;">Emergency Directive</span></a><span style="font-weight:400;"> requiring all federal agencies and contractors to identify and mitigate the vulnerabilities identified in the advisory.</span></p> <p><span style="font-weight:400;">Appian has investigated these vulnerabilities and services and determined that it is not impacted, as we do not use Cisco ASA or FTD services. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <h2><span style="font-weight:400;">Additional Notes:</span></h2> <p><span style="font-weight:400;">The following CVEs were released with additional information on the scope of the vulnerability:</span></p> <ul> <li style="font-weight:400;"><a href="https://nvd.nist.gov/vuln/detail/cve-2025-20333"><span style="font-weight:400;">CVE-2025-20333</span></a><span style="font-weight:400;"> - (Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability)</span></li> <li style="font-weight:400;"><a href="https://nvd.nist.gov/vuln/detail/cve-2025-20362"><span style="font-weight:400;">CVE-2025-20362</span></a><span style="font-weight:400;"> - (Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability)</span></li> </ul> <p><span style="font-weight:400;">Supporting Documentation:</span></p> <ul> <li style="font-weight:400;"><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB"><span style="font-weight:400;">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB</span></a></li> <li style="font-weight:400;"><a href="https://industrialcyber.co/cisa/cisa-issues-emergency-directive-requiring-federal-agencies-to-mitigate-critical-cisco-asa-zero-day-vulnerabilities/"><span style="font-weight:400;">https://industrialcyber.co/cisa/cisa-issues-emergency-directive-requiring-federal-agencies-to-mitigate-critical-cisco-asa-zero-day-vulnerabilities/</span></a></li> </ul> <h2><span>Affected Versions</span><span style="font-weight:400;"><br /></span></h2> <p><span style="font-weight:400;">This article applies to all supported versions of Appian.</span></p> <p><span style="font-weight:400;">Last reviewed: </span><span style="font-weight:400;">Sep 29, 2025</span></p><div style="clear:both;"></div>