Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive

What’s new: Cisco has reported two zero-day vulnerabilities affecting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software. These vulnerabilities, CVE-2025-20333 (CVSS score: 9.9) and CVE-2025-20362 (CVSS score: 6.5), are being actively exploited. CVE-2025-20333 allows authenticated attackers to execute arbitrary code, while CVE-2025-20362 permits unauthenticated attackers to access restricted URLs.

Who’s affected

Organizations using Cisco ASA and FTD Software are at risk, particularly those with vulnerable versions of the software. CISA has noted that the exploitation campaign is widespread and linked to a threat actor known as UAT4356 (aka Storm-1849).

What to do

  • Immediately apply patches provided by Cisco for the identified vulnerabilities.
  • Follow CISA’s emergency directive ED 25-03 to identify and mitigate potential compromises within 24 hours.
  • Monitor network activity for signs of exploitation related to these vulnerabilities.
