## https://sploitus.com/exploit?id=6A4F1714-1631-525B-AE36-70710D0425C5
# CVE-2025-20333 Scanner
A Python-based diagnostic scanner for **Cisco ASA / FTD VPN Web Server Buffer Overflow (CVE-2025-20333)**.
> **CVE-2025-20333** is a critical heap-based buffer overflow vulnerability in the WebVPN file upload handler that can lead to **remote code execution (RCE) as root** when successfully exploited.
---
## Overview
This tool performs **safe, non-destructive testing** by checking whether vulnerable endpoints (primarily the file upload handler) are reachable. It is designed for security researchers, penetration testers, and system administrators to assess exposure on systems they are authorized to test.
**Important**: This script only performs GET requests and does **not** attempt exploitation.
### Vulnerability Details
- **CVE ID**: CVE-2025-20333
- **Severity**: Critical (CVSS 9.9)
- **Type**: Heap Buffer Overflow (CWE-120)
- **Affected Products**: Cisco Secure ASA and Cisco Secure FTD with WebVPN / AnyConnect enabled
- **Prerequisites**: Usually requires authentication (often chained with **CVE-2025-20362** authentication bypass)
- **Impact**: Remote Code Execution as root
---
## Features
- Tests key WebVPN file handling endpoints
- Includes common path traversal / normalization bypass patterns
- Safe GET-only requests (no payloads sent)
- Clear vulnerability indicators
- Colored console output for easy reading
---
## Usage
```bash
python CVE-2025-20333-Scanner.py https://target-vpn.example.com