CISA Issues Urgent Warning to Federal Agencies: Fully Patch Cisco Vulnerabilities to Prevent Remote Code Execution
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert to U.S. federal agencies, urging them to take immediate action to patch two actively exploited vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. These flaws, tracked as CVE-2025-20362 and CVE-2025-20333, pose a significant risk to government networks. If left unpatched, they can enable remote threat actors to access restricted URL endpoints without authentication and gain code execution on vulnerable Cisco firewall devices.
The vulnerabilities have been exploited in attacks targeting 5500-X Series devices with VPN web services enabled, linked to the ArcaneDoor campaign, which has breached government networks since November 2023. CISA's Emergency Directive 25-03 mandates that federal agencies secure their Cisco firewall devices within 24 hours against these active exploits.
However, CISA has also revealed that some government agencies have failed to correctly patch vulnerable devices, leaving them exposed to attacks. The agency recommends that all organizations verify the correct updates are applied and has released new guidance to help federal agencies secure their networks against these vulnerabilities.
CISA's warning comes as the agency also ordered U.S. federal agencies to patch Samsung devices against a critical vulnerability used in zero-day attacks to deploy LandFall spyware and to address a remote code execution vulnerability in WatchGuard Firebox firewalls. This highlights the ongoing need for vigilance and proactive security measures in the face of evolving cyber threats.
