CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities


CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.

Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.

Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Musk Blames DDoS Attack For 40-Minute Delayed Start to Trump’s X Livestream

    August 13, 2024

    Technical difficulties delayed former President Donald Trump’s live conversation with Elon Musk on X by over 40 minutes. Musk blamed the issues on a distributed denial-of-service (DDoS) cyberattack, in which a bad actor seeks to overload a target server with traffic, rendering it unusable. His claims could not be verified. “We unfortunately had a massive distributed ...

  • ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts

    August 13, 2024

    This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments. This is made possible through the abuse of GitHub Actions artifacts generated as part of organizations’ CI/CD workflows. A combination of misconfigurations and security flaws ...

  • FBI investigating attempts to hack Biden-Harris and Trump campaigns

    August 12, 2024

    Federal investigators are looking into whether Iranian hackers targeted individuals associated with the Trump and Biden-Harris campaigns, three people familiar with the investigation confirmed to CBS News. The FBI launched the probes in the early summer, after both presidential campaigns experienced attempted phishing schemes targeting people on the campaign, the sources said. Iran-backed cybercriminals are the ...

  • EU’s Breton says Musk must comply with EU law ahead of Trump interview

    August 12, 2024

    EU industry chief Thierry Breton told billionaire Elon Musk in a letter on Monday he must comply with EU law ahead of Musk’s interview with U.S. presidential candidate Donald Trump on social media platform X. The interview, scheduled for 8PM Eastern Time (0000 Tuesday GMT), will also be accessible to users in the EU, Breton wrote, ...

  • Ongoing Social Engineering Campaign Refreshes Payloads

    August 12, 2024

    On June 20, 2024, Rapid7 identified multiple intrusion attempts by threat actors utilizing techniques, tactics, and procedures (TTPs) that are consistent with an ongoing social engineering campaign being tracked by Rapid7. The initial lure being utilized by the threat actors remains the same: an email bomb followed by an attempt to call impacted users and offer ...

  • 5G network flaws could be abused to let hackers spy on your phone

    August 12, 2024

    5G basebands could be exploited by attackers to allow them to send fake messages to your contacts, or even hand over your credentials using a very real-looking website, experts have warned. Unveiled at the Black Hat cybersecurity conference, a research group from Pennsylvania State University presented their vulnerability sniffing tool 5GBaseChecker. Read more… Source: MSN News Sign up for ...