Cisco ASA Exploitation Activity - Proxy

Rule Info

Name
Cisco ASA Exploitation Activity - Proxy
Author
Swachchhanda Shrawan Poudel (Nextron Systems)
Description
Detects suspicious requests to Cisco ASA WebVpn via proxy logs associated with CVE-2025-20333 and CVE-2025-20362 exploitation.
Reference
https://x.com/defusedcyber/status/1971492272966598683
Date
2025-11-20 00:00:00
Modified
None
Id
15697955-6a29-47ca-92e9-0e05efae3260
Tags
attack.initial-access attack.t1190 cve.2025-20333 cve.2025-20362 detection.emerging-threats
Type
Community Rule
Link to Public Repo
https://github.com/SigmaHQ/sigma/search?q=15697955-6a29-47ca-92e9-0e05efae3260

Rule History

Author
Title
Date
Commit
Swachchhanda Shrawan Poudel
Merge PR #5662 from @swachchhanda000 - Cisco ASA/FP SSL VPN Exploit (CVE-2025-20333 / CVE-2025-20362)
2025-11-21
64ba98e04
THOR Logo  Scan your endpoints, forensic images or collected files with our portable scanner THOR
  Warning: Access to VALHALLA is rate-limited - once you prove unworthy, access gets denied
  Nextron Systems 2022