CISA Warns of Cisco Firewall 0-Day Vulnerabilities Actively Exploited in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Emergency Directive to address two critical zero-day vulnerabilities identified as CVE-2025-20333 and CVE-2025-20362. These vulnerabilities affect Cisco Adaptive Security Appliances (ASA) and specific Firepower platforms.
Vulnerability Details
The vulnerabilities allow unauthenticated remote code execution and privilege escalation, potentially enabling threat actors to modify read-only memory (ROM) for persistence through reboots and system upgrades.
The campaign is linked to ArcaneDoor activity, first identified in early 2024, in which adversaries manipulated ASA ROM.
Cisco has released security updates addressing these vulnerabilities:
- CVE-2025-20333: Allows remote code execution on vulnerable ASAs.
- CVE-2025-20362: Permits privilege escalation to root-level access.
Failure to remediate these vulnerabilities poses a significant risk to federal information systems and critical infrastructure.
Emergency Directive Actions
For all public-facing ASA hardware, agencies must perform CISA’s Core Dump and Hunt Instructions Parts 1–3 and submit core dumps via the Malware Next Gen portal by Fri, Sep 26, 2025, 11:59 PM EDT.
- If “Compromise Detected,” disconnect (but do not power off), report to CISA, and coordinate incident response.
- If “No Compromise Detected,” proceed to software updates or device decommissioning.
Permanently disconnect ASA hardware with an end-of-support date on or before Tue, Sep 30, 2025. Agencies unable to comply must apply Cisco-provided software updates by Fri, Sep 26, 2025, and plan for decommissioning.
Download and apply the latest Cisco updates for ASA hardware models supported through Sun, Aug 31, 2026, and for all ASAv and FTD appliances by Fri, Sep 26, 2025.
By Thu, Oct 2, 2025, 11:59 PM EDT, submit a complete inventory and action report to CISA using the provided template. These measures apply to all federal information systems, including those hosted by third-party providers.
Agencies are responsible for maintaining inventories and ensuring compliance. CISA will report cross-agency status and outstanding issues to senior leadership by Sun, Feb 1, 2026.















