CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities


CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices.

Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target these devices, posing significant risk to all organizations. The implementation guidance provides information on the minimum software versions that address these vulnerabilities and direct federal agencies to conduct corrective patching measures on devices that are not compliant with these requirements.

Read more…
Source: U.S. Cybersecurity and Infrastructure Security Agency


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • After a Cyber Attack: Dos and Don’ts for Higher Education IT Staff

    May 10, 2023

    For most colleges and universities, it’s a question of when, not if, they will experience a cyber attack. Here are seven key considerations for handling the aftermath of a breach. There is a treasure trove of sensitive and valuable information in higher education information systems that is tantalizing to hackers of all kinds. With networks that ...

  • North Korean hackers breached major hospital in Seoul to steal data

    May 10, 2023

    The Korean National Police Agency (KNPA) warned that North Korean hackers had breached the network of one of the country’s largest hospitals, Seoul National University Hospital (SNUH), to steal sensitive medical information and personal details. The incident occurred between May and June 2021, and the police conducted an analytical investigation during the past two years to ...

  • New phishing-as-a-service tool “Greatness” already seen in the wild

    May 10, 2023

    A previously unreported phishing-as-a-service (PaaS) offering named “Greatness” has been used in several phishing campaigns since at least mid-2022. Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots. Read more… Source: Talos  

  • Cybersecurity firm Dragos discloses cybersecurity incident, extortion attempt

    May 10, 2023

    Industrial cybersecurity company Dragos today disclosed what it describes as a “cybersecurity event” after a known cybercrime gang attempted to breach its defenses and infiltrate the internal network to encrypt devices. While Dragos states that the threat actors did not breach its network or cybersecurity platform, they got access to the company’s SharePoint cloud service and ...

  • UK man pleads guilty to hijacking Twitter accounts including of Joe Biden and Elon Musk

    May 10, 2023

    A British man has pleaded guilty over his role in schemes to hack the Twitter accounts of celebrities including Joe Biden and Elon Musk, as well as stealing $794,000 in cryptocurrency. Joseph James O’Connor, 23, entered his guilty plea in a New York court after being extradited from Spain on 26 April. Read more… Source: The Guardian  

  • Spanish police dismantle phishing operation linked to crime ring

    May 9, 2023

    The National Police of Spain have arrested two hackers, 15 members of a criminal organization, and another 23 people involved in illegal financial operations in Madrid and Seville for alleged bank scams. The cybercrime operation is an email and SMS-based phishing campaign that allegedly scammed over 300,000 people and resulted in confirmed losses of at least ...