feat: add detection for CVE-2025-20333 and CVE-2025-20362#5662
Merged
swachchhanda000 merged 9 commits intoSigmaHQ:masterfrom Nov 21, 2025
Merged
feat: add detection for CVE-2025-20333 and CVE-2025-20362#5662swachchhanda000 merged 9 commits intoSigmaHQ:masterfrom
swachchhanda000 merged 9 commits intoSigmaHQ:masterfrom
Conversation
phantinuss
approved these changes
Sep 29, 2025
rules-emerging-threats/2025/Exploits/CVE-2025-20333/web_exploit_cve_2025_20333.yml
Outdated
Show resolved
Hide resolved
rules-emerging-threats/2025/Exploits/CVE-2025-20333/web_exploit_cve_2025_20333.yml
Outdated
Show resolved
Hide resolved
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds detection for two critical Cisco ASA/FP SSL VPN exploits (CVE-2025-20333 and CVE-2025-20362) by implementing a Sigma rule that identifies suspicious web requests to specific exploit paths.
- Adds a new Sigma detection rule for Cisco ASA/FP web service exploitation
- Targets specific URI patterns associated with version fingerprinting and exploitation attempts
- Maps to MITRE ATT&CK technique T1190 (Exploit Public-Facing Application)
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
rules-emerging-threats/2025/Exploits/CVE-2025-20333/web_exploit_cve_2025_20333.yml
Show resolved
Hide resolved
swachchhanda000
force-pushed
the
master
branch
from
a6254cb to
b9a91bb
Compare
Collaborator
Author
|
Created a new PR to handle the failing check. |
swachchhanda000
force-pushed
the
cisco_cve_2025_20333
branch
from
4af32e2 to
5cd7414
Compare
frack113
reviewed
Nov 17, 2025
rules-emerging-threats/2025/Exploits/CVE-2025-20333/proxy_exploit_cve_2025_20333.yml
Show resolved
Hide resolved
swachchhanda000
commented
Nov 17, 2025
rules-emerging-threats/2025/Exploits/CVE-2025-20333/proxy_exploit_cve_2025_20333.yml
Outdated
Show resolved
Hide resolved
swachchhanda000
commented
Nov 17, 2025
rules-emerging-threats/2025/Exploits/CVE-2025-20333/web_exploit_cve_2025_20333.yml
Outdated
Show resolved
Hide resolved
frack113
approved these changes
Nov 17, 2025
rules-emerging-threats/2025/Exploits/CVE-2025-20333/proxy_exploit_cve_2025_20333.yml
Show resolved
Hide resolved
nasbench
approved these changes
Nov 20, 2025
…t_cve_2025_20333.yml
Updated title and description for clarity, modified date, and added CVE tags.
swachchhanda000
force-pushed
the
cisco_cve_2025_20333
branch
from
6418a51 to
7b089df
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary of the Pull Request
Changelog
new: Cisco ASA/FP SSL VPN Exploit (CVE-2025-20333 / CVE-2025-20362) - Proxy
Example Log Event
Fixed Issues
SigmaHQ Rule Creation Conventions