CISA has issued warnings and emergency directives urging U.S. federal agencies to urgently patch two critical vulnerabilities in Cisco ASA and Firepower devices, which are actively exploited in ongoing attacks. Despite previous updates, some organizations remain unpatched, leaving their networks vulnerable to remote code execution and complete device takeover. #CISA #CiscoASA #ZeroDay #ArcaneDoor
Keypoints
- CISA warns of actively exploited vulnerabilities in Cisco ASA and Firepower devices.
- Vulnerabilities CVE-2025-20362 and CVE-2025-20333 can lead to remote code execution and full device control.
- Cyber attackers linked these flaws to the ArcaneDoor campaign targeting government networks.
- Many federal agencies failed to properly patch their vulnerable devices, leaving them exposed.
- CISA has issued emergency directives requiring immediate patching and verification of updates.