Live Cybersecurity News Ticker | Codekeeper

State-Sponsored Hackers Exploit Multiple Cisco Zero-Days in Widespread Campaign

Written by Content Team | Sep 26, 2025 12:18:28 PM

CISA issued an emergency directive after discovering that state-sponsored hackers are actively exploiting multiple zero-day vulnerabilities in Cisco firewalls and networking equipment. The campaign targets millions of devices, including ASA 5500-X series firewalls and IOS systems.

Three critical flaws allow remote code execution and privilege escalation: CVE-2025-20333 (CVSS 9.9), CVE-2025-20363 (CVSS 9.0), and CVE-2025-20362 (CVSS 6.5). A separate zero-day, CVE-2025-20352, affects SNMP systems in Cisco IOS software.

The attacks appear connected to the ArcaneDoor espionage campaign from spring 2024. Federal agencies must disconnect unsupported devices and upgrade others by September 26. Many affected devices are end-of-life, making immediate patching or replacement critical for organizations worldwide.

Source: Dark Reading