CISA has issued Emergency Directive ED 25-03 to address critical vulnerabilities in Cisco ASA and Cisco Firepower devices, urging immediate action from federal agencies and others. The directive requires identification, analysis, and mitigation of compromised devices, with forensic data collection by September 26. #CiscoASA #CiscoFirepower #Vulnerabilities
Keypoints
- CISA issued Emergency Directive ED 25-03 to address Cisco device vulnerabilities.
- Federal agencies must identify all Cisco ASA and Firepower devices in operation.
- Devices affected include those with CVE-2025-20333 and CVE-2025-20362 vulnerabilities.
- Agencies are required to send memory files to CISA for forensic analysis by September 26.
- CISA recommends all organizations review the directive and implement mitigation measures.