This week highlights a critical vendor-specific vulnerability: a deserialization flaw in the License Servlet of Fortra’s GoAnywhere MFT. By forging a license response signature, an attacker can trigger deserialization of arbitrary objects, potentially leading to command injection.
Key Findings
- Cisco (CVE-2025-20333, CVE-2025-20362, CVE-2025-20363): Multiple vulnerabilities that could allow attackers to exploit unsafe deserialization and input validation flaws. Successful exploitation may result in arbitrary code execution, privilege escalation, or command injection on affected systems.
Impact
Cisco (CVE-2025-20333, CVE-2025-20362, CVE-2025-20363): Exploitation enables attackers to escalate privileges or achieve remote code execution via command injection.
Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
---|---|---|---|---|---|---|
Cloudflare Managed Ruleset | a1bef4ada0b146d2862cad439ee0ab84 | 100788 | Cisco Secure Firewall Adaptive Security Appliance – Remote Code Execution – CVE:CVE-2025-20333, CVE:CVE-2025-20362, CVE:CVE-2025-20363 | N/A | Disabled | This is a New Detection |
Cloudflare Managed Ruleset | 51de6ce6596a40eb8200452ad30f768e | 100788A | Cisco Secure Firewall Adaptive Security Appliance – Remote Code Execution – CVE:CVE-2025-20333, CVE:CVE-2025-20362, CVE:CVE-2025-20363 | N/A | Disabled | This is a New Detection |
Source: Cloudflare
Latest Posts
- Power Platform – Dataverse audit record’s CreatedOn property service change now available [MC1167115]
- Dynamics 365 Apps – Upcoming permission enforcement for Dataverse Solutions [MC1167093]
- Power Platform – Planned maintenance [MC1167078]
- Research and Engineering Studio on AWS 2025.09 is now available