UK and US security agencies order urgent fixes as Cisco firewall bugs exploited in wild

September 26, 2025

The Register reports:

Cybersecurity agencies on both sides of the Atlantic are sounding the alarm over Cisco firewall vulnerabilities that are being exploited by an “advanced threat actor.”

The Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive on Thursday, saying there is “an unacceptable risk” to government systems if Cisco’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices are left unpatched. Federal agencies have been given just 24 hours to identify affected kit, check logs for compromise, and apply Cisco’s fixes.

CISA also warned that any ASA boxes hitting end-of-life on September 30 shouldn’t just be patched – they need to be yanked off networks for good.

The UK’s National Cyber Security Centre has also urged organizations to patch the vulnerabilities, tracked as CVE-2025-20333 and CVE-2025-20362, which are being abused to “implant malware, execute commands, and potentially exfiltrate data from compromised devices.”

Cisco released patches for the flaws on Thursday, and warned that when chained together, they could let attackers remotely take complete control of devices.

Read more at The Register.