CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities


CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.

Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.

Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • The GitVenom campaign: cryptocurrency theft using GitHub

    February 24, 2025

    In our modern world, it’s difficult to underestimate the impact that open-source code has on software development. Over the years, the global community has managed to publish a tremendous number of projects with freely accessible code that can be viewed and enhanced by anyone on the planet. With more and more open-source projects being published, both ...

  • F5 Releases Quarterly Security Notification

    February 24, 2025

    F5 has released an overview of vulnerabilities for some of their networking products, including BIG-IP and BIG-IP Next. The overview of security advisories addresses 13 vulnerabilities rated as high impact, 3 rated as medium impact, and 1 as low impact. One of the high impact advisories concerns the command injection vulnerability CVE-2025-20029, which has a CVSSv4 ...

  • Crypto exchange Bybit says it fully replenished reserves after record $1.5 billion hack

    February 24, 2025

    Bybit said it replenished its reserves following a $1.5 billion hack last week, the largest in the history of the crypto industry. In less than 72 hours, Bybit pieced together hundreds of thousands of ether tokens through a mix of emergency loans and large deposits. While the rapid recovery restored the exchange’s balance and kept customer ...

  • Medixant Releases Security Update for RadiAnt DICOM Viewer

    February 24, 2025

    Medixant has released a security update to address an improper certificate validation vulnerability in RadiAnt DICOM Viewer. CVE-2025-1001 has a CvSSv4 score of 5.7 and could allow an attacker with privileged network access to impersonate RadiAnt’s update server. An attacker could modify the server’s response to deliver a malicious update to the user, performing a machine-in-the-middle ...

  • South African Weather Service systems restored amid increasing cyber attacks

    February 24, 2025

    The SAWS Information and Communication Technology (ICT) systems went down on January 26 following a security breach by criminals. Aspects of critical services including aviation and marine were all interrupted. The SAWS email system and website, which is the hub of critical weather information, were also affected. The attack was the second in the space of ...

  • Angry Likho: Old beasts in a new forest

    February 21, 2025

    Angry Likho (referred to as Sticky Werewolf by some vendors) is an APT group we’ve been monitoring since 2023. It bears a strong resemblance to Awaken Likho, which we’ve analyzed before, so we classified it within the Likho malicious activity cluster. However, Angry Likho’s attacks tend to be targeted, with a more compact infrastructure, a limited ...