CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities


CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.

Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.

Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Hackers steal and destroy millions from Iran’s largest crypto exchange

    June 18, 2025

    Iran’s largest crypto exchange, Nobitex, said Wednesday that it was hacked and funds have been drained from its hot wallet. In a statement on its website translated by TechCrunch, Nobitex said it detected unauthorized access to its infrastructure and hot wallet, in which the company stores a portion of its customers’ cryptocurrency. The company said it ...

  • Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet

    June 17, 2025

    This blog details research and analysis of an active campaign that exploits a critical unauthenticated remote code execution (RCE) vulnerability, CVE-2025-3248, that has been identified in Langflow versions prior to 1.3.0. Langflow is a Python-powered visual framework for building AI applications with over 70,000 GitHub stars, and its versions prior to 1.3.0 contains a flaw ...

  • U.S. companies brace for Israel-Iran cyber spillover

    June 17, 2025

    As Israel and Iran exchange airstrikes, cybersecurity experts are warning that a quieter, but still destructive, digital conflict is unfolding behind the scenes. And U.S. companies could soon find themselves in the blast radius. Iran and Israel are home to some of the world’s most skilled hackers. Escalating tensions between the two could spill over into ...

  • Innovative Tunnelling and Forensic Tool Abuse: IR Tales from the Field

    June 17, 2025

    Rapid7’s Incident Response (IR) team was engaged to investigate an incident involving an attempted Cobalt Strike execution. The investigation uncovered twists and turns with pre-ransomware activities, tunneling tools, and attackers taking a page out of the defender’s playbook. The attacker took careful steps to maintain access to the environment through persistence that mimicked normal user behavior. ...

  • Exploring a New KimJongRAT Stealer Variant and Its PowerShell Implementation

    June 17, 2025

    This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer. Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT stealer was first described in 2013 by the Malware.lu CERT. Palo Alto researchers documented another variant ...

  • VMDetector-Based Loader Abuses Steganography to Deliver Infostealers

    June 16, 2025

    Recently, the SonicWall Capture Labs threat research team has identified various malware strains being distributed through a custom VMDetector Loader. This loader is typically delivered to the victim’s system via image files embedded with steganography. The primary payloads observed include popular malware families such as Remcos, VIPKeyLogger, AveMariaRAT, DCRAT, FormBook, and others. Attackers send an email ...