Vulnerabilities in Cisco firewalls have been actively exploited and pose a critical risk to government systems.
Cybersecurity agencies in the US and UK are raising alarms about critical vulnerabilities in Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls. The bugs, CVE-2025-20333 and CVE-2025-20362, are being actively exploited by an advanced threat actor.
Immediate Action Required
According to the US Cybersecurity and Infrastructure Security Agency (CISA), this poses “an unacceptable risk” to government systems. US federal agencies have been given 24 hours to scan systems, check logs, and install patches. Cisco recommends taking devices that reach end-of-life from September 30 completely offline.
Cisco released patches on Thursday and warned that the vulnerabilities could lead to complete takeover of firewalls. Cisco and government agencies have been aware of the exploited vulnerabilities since May. Attackers installed malware, executed commands, and stole data.
Link to ArcaneDoor Campaign
Cisco links the attacks to ArcaneDoor, an espionage campaign that came to light in 2024. In it, attackers used custom-made tools to break into government and telecom networks. Research by Censys links IP addresses to Chinese networks and anti-censorship software, The Register reports.
Last week, another zero-day vulnerability came to light in the SNMP functionality of devices running IOS or IOS XE.
