"The internet monitoring outfit said that as of Monday, the internet-facing Cisco firewalls are potentially exploitable, with the vast majority of those - more than 19,000 - located in the US. The vulnerabilities in question are CVE-2025-20333 (9.9) and CVE-2025-20362 (6.5), which affect Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices. National security agencies such as the UK's NCSC and its equivalents in Canada, France, and the Netherlands each issued separate advisories warning of the threat the vulnerabilities present to organizations."
"When bugs like this are added to CISA's Known Exploited Vulnerability catalog, FCEB agencies are typically afforded a three-week window in order to apply patches. A 24-hour window is rare, but not unheard of, and is only used in cases where the likelihood of exploitation is especially high. CISA told all agencies that failing to patch affected devices would introduce an "unacceptable risk" to government systems."
Nearly 50,000 internet-facing Cisco ASA and FTD devices remain potentially exploitable by CVE-2025-20333 (9.9) and CVE-2025-20362 (6.5). Over 19,000 of the affected devices are located in the US. National cyber agencies in the UK, Canada, France, and the Netherlands issued advisories, and CISA ordered all federal civilian executive branch agencies to apply patches within 24 hours. The 24-hour mandate departs from the typical three-week remediation window used for Known Exploited Vulnerabilities and reflects a high likelihood of active exploitation. Observed attacks are attributed to the ArcaneDoor campaign deploying RayInitiator bootkit and Line Viper shellcode loader. Affected ASA versions include 9.12, 9.14, 9.16–9.20, 9.22–9.23 and ASA/FTD 7.0–7.4, 7.6–7.7.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]