""On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362," Netzilla noted in a Thursday security advisory. The new attacks cause unpatched firewalls to continually reload, leading to denial-of-service conditions, and are the latest in a series of strikes against vulnerable devices that have been ongoing since May."
"Cisco originally patched both flaws in September with the UK's National Cyber Security Centre and US Cybersecurity and Infrastructure Security Agency sounding the alarm on exploitation by an "advanced threat actor" with victims including at least one US government agency. The company also "dedicated a specialized, full-time team to this investigation, working closely with a limited set of affected customers.""
Cisco warned of a November 5, 2025 attack variant targeting Cisco Secure ASA and Secure FTD releases affected by CVE-2025-20333 and CVE-2025-20362. The attacks force unpatched firewalls to repeatedly reload, causing denial-of-service, and form part of a campaign active since May. Both flaws were patched in September after the UK's NCSC and US CISA reported exploitation by an advanced threat actor with at least one US government victim. Cisco worked with multiple government incident-response agencies, dedicated a specialized full-time team, and coordinated patches. Attackers exploited multiple zero-days, disabled logging, intercepted CLI, crashed devices, and modified ROMmon for persistence. Cisco also patched two critical UCCX bugs not yet actively exploited.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]