India, Sept. 26 -- Cisco has issued an urgent advisory about a zero-day vulnerability in its Adaptive Security Appliance (ASA) devices. The flaw is currently under active exploitation by an advanced threat group, allowing them to hijack sessions and bypass Duo multifactor authentication (MFA). This vulnerability, which does not require valid credentials, has exposed enterprise and government networks to intrusion.

This vulnerability, or more accurately, a chain of two vulnerabilities (CVE-2025-20333 and CVE-2025-20362), allows attackers to hijack sessions and bypass Duo multifactor authentication (MFA). The attack works by sending crafted requests that manipulate session handling within ASA, tricking the system into thinking the Duo chal...