CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities


CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.

Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.

Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • AnyDesk confirms cyber attack, revokes certificates as hackers infiltrate systems

    February 5, 2024

    AnyDesk has confirmed it suffered a cyberattack in which hackers were able to compromise its production systems. In a press release published on the company’s website, the remote access provider said it spotted the attack after seeing “indications of an incident” in some of its systems. Subsequent investigation uncovered compromise in the company’s production systems, it ...

  • Python Info-stealer Distributed by Malicious Excel Document

    February 5, 2024

    In January 2024, FortiGuard Labs obtained an Excel document distributing an info-stealer. From the fingerprints in this attack, it is related to a Vietnamese-based group that was first reported on in August 2023 and again in September. The attack stages before the info-stealer are simple downloaders that increase the difficulty of detection. This article introduces each stage ...

  • South Korea: KF-21 Fighter Jet Technology Leak Attempt Raises Concerns Over Diplomatic Tensions

    February 5, 2024

    An Indonesian technician working for Korea Aerospace Industries (KAI) was caught trying to leak internal documents related to the Korean supersonic fighter jet KF-21 ‘Boramae.’ While no core technology leaks have been confirmed yet, it is known that the individual attempted to extract a substantial amount of data. According to the Defense Acquisition Program Administration and ...

  • Oman sees surge in cyber crimes

    February 5, 2024

    The Public Prosecution in Oman has revealed that there were 140 cases of cybercrime in 2023, compared to 126 in 2022 while cases related to online content increased to 2,686 in 2023 from 2,519 in 2022. These cases included misusing financial cards, attempting, assisting, or agreeing to commit information technology fraud. Cases involving a violation of ...

  • Cyber attack hits Pennsylvania Courts’ website

    February 5, 2024

    Pennsylvania Courts’ website was targeted in a cyber attack on Sunday. Pennsylvania’s Chief Justice Debra Todd made the announcement, saying portions of the website were made unavailable due to the attack. The situation was described as a denial of service cyber attack. Todd said there was no indication any court data was compromised and courts will ...

  • Pakistan: Balochistan decides to ‘restrict’ internet service in ‘sensitive polling booths’

    February 5, 2024

    The caretaker government in Balochistan has decided to keep the internet service restricted in the sensitive polling booths in certain areas of the province in the lead-up to the February 8 polls amid dire security risks due to a spike in terrorist attacks. Balochistan caretaker Information Minister Jan Achakzai on Sunday night announced the decision, citing ...