CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities


CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.

Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.

Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • China: Rast ransomware gang aiming at domestic government and enterprises

    September 29, 2024

    From December 2023 to the present, QiAnXin Threat Intelligence Center observed that a ransomware written in rust language is very active on the Chinese Internet, and a large number of machines in China have been ransomed, with up to more than 20 victimized units only in the terminals of government and enterprises, which the researchers call ...

  • Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number

    September 27, 2024

    In June of 2024 security researchers uncovered a set of vulnerabilities in the Kia dealer portal that allowed them to remotely take over any Kia vehicle built after 2013—and all they needed was a license plate number. According to the researchers: “These attacks could be executed remotely on any hardware-equipped vehicle in about 30 seconds, regardless ...

  • Iranian Cyber Actors Targeting Personal Accounts to Support Operations

    September 27, 2024

    The Federal Bureau of Investigation (FBI), U.S. Cyber Command – Cyber National Mission Force (CNMF), the Department of the Treasury (Treasury), and the United Kingdom’s National Cyber Security Centre (NCSC) are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity by cyber actors working on behalf of the Iranian Government’s Islamic Revolutionary ...

  • Multiple Vulnerabilities in Common Unix Printing System (CUPS)

    September 27, 2024

    On Thursday, September 26, 2024, a security researcher publicly disclosed several vulnerabilities affecting different components of OpenPrinting’s CUPS (Common Unix Printing System). CUPS is a popular IPP-based open-source printing system primarily (but not only) for Linux and UNIX-like operating systems. According to the researcher, a successful exploit chain allows remote unauthenticated attackers to replace existing printers’ ...

  • UK data watchdog investigating MoneyGram data breach

    September 27, 2024

    The U.K.’s data protection regulator has confirmed it’s investigating MoneyGram after receiving a data breach report from the U.S.-based money transfer giant. The U.K.’s Information Commissioner’s Office, which requires that organizations report data breaches within 72 hours of discovering the incident, confirmed to TechCrunch on Friday that the watchdog had received a report from MoneyGram following ...

  • Ransomware attacks increasingly target Vietnam’s financial sector

    September 26, 2024

    At a recent conference on digital finance, Le Van Tuan, Director of the Department of Information Security under the Ministry of Information and Communications, said finance is a sector with a high ranking in digital transformation, but at the same time, the risk of information security is always lurking with the sector. According to statistics from ...