Senate Investigates Cisco Over Zero-Day Firewall Vulnerabilities

The vulnerabilities, identified as CVE-2025-20333 and CVE-2025-20362, affect Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices, enabling unauthenticated remote code execution and privilege escalation.

These flaws, exploited in a campaign linked to the ArcaneDoor threat actor since at least early 2024, allow attackers to implant persistent malware that survives reboots and upgrades by manipulating read-only memory (ROM).

CISA’s Emergency Directive 25-03, issued on September 25, 2025, required federal agencies to inventory all affected devices, conduct forensic analysis via core dumps, and apply patches within 24 hours or disconnect end-of-life hardware entirely.

This post is licensed under CC BY 4.0 by the author.