The U.S. CISA has issued an urgent directive requiring federal agencies to address critical vulnerabilities in Cisco ASA and Firepower devices exploited by sophisticated threat actors. International agencies are also warning about active exploitation of these vulnerabilities, which could allow remote code execution and privilege escalation. #CVE-2025-20333 #CVE-2025-20362
Keypoints
- The directive mandates immediate assessment and patching of affected Cisco devices in federal networks.
- Active exploitation campaigns are targeting vulnerabilities linked to the ArcaneDoor threat actor.
- Global agencies advise disabling certain VPN services and patching end-of-life Cisco devices promptly.
- Agencies must submit core dumps and inventory reports to CISA by specified deadlines.
- CISA will monitor ongoing threats and provide technical assistance to ensure compliance and security efforts.
Read More: https://thecyberexpress.com/cisa-warns-of-cve-2025-20333/