Cisco ASA Zero-Day Exploited by Chinese State Hackers in Critical Infrastructure Attacks

Chinese hackers exploit critical Cisco firewall flaw, CVE-2025-20333, demanding urgent patching by federal agencies in a global threat.

By Content Team

Sep 29, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Chinese state-sponsored hackers have actively exploited CVE-2025-20333, a devastating zero-day vulnerability in Cisco ASA firewalls with a 9.9 severity score. The flaw allows remote code execution with root privileges when chained with another vulnerability that bypasses authentication.

The UAT4356 threat group deployed sophisticated malware called RayInitiator and LINE VIPER on compromised Cisco ASA 5500-X Series devices. RayInitiator persists at the firmware level, surviving reboots and updates, while LINE VIPER provides command and control capabilities through encrypted communications.

CISA issued Emergency Directive ED-25-03 requiring federal agencies to patch within 24 hours or disconnect affected devices. This represents a major evolution of the ArcaneDoor campaign, targeting critical network perimeter defenses worldwide.

Source: Cybersecurity News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

SAP Releases Critical Security Patches for January 2026 - Immediate Action Required

Jan 13, 2026

Hackers Target Zero-Day Flaw in Old D-Link Routers No Longer Getting Updates

Jan 8, 2026

Cisco Patches Critical Zero-Day Flaw Already Being Exploited in the Wild

Jan 24, 2026

Critical Google Looker Flaws Let Attackers Access Multiple Companies' Data

Feb 6, 2026