Cisco has issued security patches for multiple zero-day vulnerabilities affecting its firewall and IOS software, which are actively exploited in attacks. These flaws include remote code execution and unauthentication access, highlighting the urgent need for updates. #CVE-2025-20333 #CVE-2025-20362 #CVE-2025-20363
Keypoints
- Cisco has warned customers to patch two actively exploited zero-day vulnerabilities in its firewall software.
- The vulnerabilities include remote code execution and unauthenticated restricted URL access.
- Cisco collaborated with cybersecurity agencies like CISA and NCSC in the investigation.
- Large-scale scanning campaigns were detected targeting Cisco devices weeks before patches were released.
- Additional patches were provided for IOS and IOS XE software vulnerabilities also under attack.