CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities


CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.

Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.

Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Why tourists are particularly vulnerable to cyber attacks

    April 25, 2024

    Travelling abroad always comes with the potential risk of cybercrime threats including spoofing, phishing attacks, catfishing, fraudulent links and calls, spamming, etc. These travel risks are more for tourists who are generally travelling to a new country for the first time or are alone. They don’t know much about the native language of the new place ...

  • Polish minister says government used spyware against hundreds of people

    April 25, 2024

    The use of spyware in Poland under the previous government resulted in accusations that the authorities were abusing power and eroding democratic guardrails. Poland’s prosecutor general said on Wednesday that Pegasus spyware was used against hundreds of people during the former Polish government. Adam Bodnar told lawmakers that he found the scale of the surveillance to ...

  • UK: Personal details of 200,000 people at risk after neighbourhood watch system data breach

    April 24, 2024

    The names, email addresses and telephone numbers of up to 200,000 people could have been obtained by hackers following a major data breach at a police-backed alert system. Bosses at the company which manages the ‘In The Know’ alert system, which is used by Lancashire Police and Lancashire Fire and Rescue Service, have apologised. Read more… Source: MSN ...

  • United Nations investigating potential ransomware attack after data ripped from IT systems

    April 23, 2024

    Hackers managed to break into the United Nations Development Programme (UNDP) IT systems in Copenhagen, stealing a wide range of sensitive data. Ransomware gang 8Base has claimed responsibility, posting on its own website that the group had managed to get its hands on employment contracts, personal data, invoices and much more Read more… Source: MSN News Sign up for ...

  • Are We Ready for a Cyber Attack on Food and Farming?

    April 23, 2024

    Federal officials and lawmakers are preparing to defend against cyber attacks that would leave residents without reliable access to food by targeting the food and agriculture sectors. The latest preparation effort is Cyber Storm — a massive, multiday tabletop exercise involving state, local, tribal, territorial, federal and private-sector organizations — and it probed how well participants ...

  • Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

    April 22, 2024

    Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks. Since at least June 2020 and possibly as early as April 2019, Forest Blizzard has used the tool, which we refer to as ...