Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive
Briefly

"CVE-2025-20333 (CVSS score: 9.9) - An improper validation of user-supplied input in HTTP(S) requests vulnerability that could allow an authenticated, remote attacker with valid VPN user credentials to execute arbitrary code as root on an affected device by sending crafted HTTP requests

CVE-2025-20362 (CVSS score: 6.5) - An improper validation of user-supplied input in HTTP(S) requests vulnerability that could allow an unauthenticated, remote attacker to access restricted URL endpoints without authentication by sending crafted HTTP requests

Cisco said it's aware of "attempted exploitation" of both vulnerabilities, but did not reveal who may be behind it, or how widespread the attacks are. It's suspected that the two vulnerabilities are being chained to bypass authentication and execute malicious code on susceptible appliances."
"It also credited the Australian Signals Directorate, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security, U.K. National Cyber Security Centre (NCSC), and U.S. Cybersecurity and Infrastructure Security Agency (CISA) for supporting the investigation.

CISA Issues Emergency Directive ED 25-03

In a separate alert, CISA said it's issuing an emergency directive urging federal agencies to identify, analyze, and mitigate potential compromises with immediate effect. In addition, both vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) catalog, giving the agencies 24 hours to apply the necessary mitigations. "CISA is aware of an ongoing exploitation campaign by an advanced threat actor targeting Cisco Adaptive Security Appliances (ASA)," the agency noted."
Two zero-day vulnerabilities affect the VPN web server components of Cisco Secure Firewall ASA and FTD. CVE-2025-20333 (CVSS 9.9) permits an authenticated attacker holding valid VPN user credentials to execute arbitrary code as root by sending crafted HTTP requests. CVE-2025-20362 (CVSS 6.5) allows an unauthenticated attacker to reach restricted URL endpoints via crafted HTTP requests. Cisco has observed attempted exploitation, and the two flaws are suspected to be chained: the authentication bypass first, then the code execution on the appliance. Multiple national cybersecurity agencies supported the investigation. CISA issued Emergency Directive ED 25-03, added both CVEs to the KEV catalog, and set a 24-hour mitigation deadline for federal agencies.
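The directive's "identify, analyze, and mitigate" workflow starts with confirming which of your tracked CVEs are in the KEV catalog and how much of the remediation window is left. The following is an added example, not code from The Hacker News, Cisco or CISA: a small triage helper that indexes a KEV feed by CVE ID and reports days remaining (or overdue) for a watch list. The feed layout assumed here (a top-level "vulnerabilities" array whose records carry "cveID", "dateAdded" and "dueDate") follows the public KEV JSON feed; the sample records, their dates and the unrelated third entry are constructed for this example and are not the catalog's actual data.

```python
"""KEV triage helper (added example; assumes the public KEV JSON layout)."""
import json
import urllib.request
from datetime import date

# Public KEV JSON feed (real URL). fetch_kev_feed() is provided for live use
# but is never called by the sample run below, so the example runs offline.
KEV_FEED_URL = (
    "https://www.cisa.gov/sites/default/files/feeds/"
    "known_exploited_vulnerabilities.json"
)

# Constructed sample feed in the shape of the KEV JSON. The dates are
# placeholders, not the catalog's real dateAdded/dueDate values; the one-day
# window mirrors the 24-hour deadline the directive imposes.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "vulnerabilities": [
        {"cveID": "CVE-2025-20333", "vendorProject": "Cisco",
         "product": "Secure Firewall ASA and FTD",
         "dateAdded": "2025-01-01", "dueDate": "2025-01-02",
         "requiredAction": "Apply mitigations per vendor instructions"},
        {"cveID": "CVE-2025-20362", "vendorProject": "Cisco",
         "product": "Secure Firewall ASA and FTD",
         "dateAdded": "2025-01-01", "dueDate": "2025-01-02",
         "requiredAction": "Apply mitigations per vendor instructions"},
        # Unrelated placeholder entry to show filtering by watch list.
        {"cveID": "CVE-2024-00000", "vendorProject": "ExampleVendor",
         "product": "ExampleProduct",
         "dateAdded": "2024-01-01", "dueDate": "2024-01-22",
         "requiredAction": "Apply updates per vendor instructions"},
    ],
})

# CVEs named on the page, plus one that is deliberately absent from the feed.
WATCH_LIST = ["CVE-2025-20333", "CVE-2025-20362", "CVE-2024-99999"]


def fetch_kev_feed(url=KEV_FEED_URL, timeout=30):
    """Download the live KEV feed as text (network use only; not run here)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def load_kev(feed_text):
    """Index a KEV feed by CVE ID; a malformed feed raises rather than
    silently yielding an empty catalog."""
    data = json.loads(feed_text)
    entries = data["vulnerabilities"]
    return {entry["cveID"]: entry for entry in entries}


def triage(feed_text, watch_list, today):
    """For each watched CVE, report whether it is in KEV, its due date,
    days remaining (negative when overdue) and the original remediation
    window in days. CVEs not in the catalog are reported, not dropped."""
    kev = load_kev(feed_text)
    report = []
    for cve in watch_list:
        rec = kev.get(cve)
        if rec is None:
            report.append({"cve": cve, "in_kev": False, "due": None,
                           "days_left": None, "overdue": False,
                           "window_days": None})
            continue
        added = date.fromisoformat(rec["dateAdded"])
        due = date.fromisoformat(rec["dueDate"])
        days_left = (due - today).days
        report.append({"cve": cve, "in_kev": True, "due": due.isoformat(),
                       "days_left": days_left, "overdue": days_left < 0,
                       "window_days": (due - added).days})
    return report


def overdue_cves(feed_text, watch_list, today):
    """Convenience view: the watched CVEs whose KEV due date has passed."""
    return [r["cve"] for r in triage(feed_text, watch_list, today)
            if r["overdue"]]


if __name__ == "__main__":
    for row in triage(SAMPLE_KEV_JSON, WATCH_LIST, date(2025, 1, 1)):
        print(row)
```

For live use, pass `fetch_kev_feed()` in place of `SAMPLE_KEV_JSON` and `date.today()` as the reference date; the `window_days` column makes 24-hour entries like these stand out from the usual multi-week windows.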
Read at The Hacker News