CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities


CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.

Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.

Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Kenya: Cyber attacks on computer systems, mobile apps surge

    February 10, 2024

    Cyber attacks on computer systems and mobile applications recorded the highest increase in the three months to December last year, the latest data from the Communications Authority of Kenya (CA) shows. According to the CA’s Cyber Security report for the period, system attack threats that were detected increased 10-fold compared to the preceding three-month period that ...

  • Ivanti urges customers to patch yet another critical vulnerability

    February 9, 2024

    In a new blog post, Ivanti says that it has found another vulnerability and urges customers to “immediately take action to ensure you are fully protected”. This vulnerability only affects a limited number of supported versions–Ivanti Connect Secure (version 9.1R14.4, 9.1R17.2, 9.1R18.3, 22.4R2.2 and 22.5R1.1), Ivanti Policy Secure version 22.5R1.1 and ZTA version 22.6R1.3. Please read ...

  • Maldocs ­Of Word And Excel: Vigor Of The Ages

    February 8, 2024

    Chasing new exploits, vulnerabilities, and threats is the way to go in the ever-changing cybercrime landscape. However, in a constant flow of information, the focus on yesterday’s highlights is low: every day, new CVEs occur, and new threats emerge. With this state of affairs, old menaces can be easily overlooked and still used by the attackers, ...

  • Coyote: A multi-stage banking Trojan abusing the Squirrel installer

    February 8, 2024

    The developers of banking Trojan malware are constantly looking for inventive ways to distribute theirs implants and infect victims. In a recent investigation, Kaspersky researchers encountered a new malware that specifically targets users of more than 60 banking institutions, mainly from Brazil. What caught their attention was the sophisticated infection chain that makes use of various ...

  • Google saves your conversations with Gemini for years by default

    February 8, 2024

    Don’t type anything into Gemini, Google’s family of GenAI apps, that’s incriminating — or that you wouldn’t want someone else to see. That’s the PSA (of sorts) today from Google, which in a new support document outlines the ways in which it collects data from users of its Gemini chatbot apps for the web, Android and ...

  • Data of 33 million people in France stolen in its largest ever cyberattack

    February 8, 2024

    Over 33 million people in France – nearly half of its population – have been impacted by the country’s biggest-ever cyberattack. Two French service providers for medical insurance companies were targetted, with the companies admitting that millions of people’s data were exposed to the hackers. Read more… Source: MSN News