October 25, 2025

CISA issues Emergency Directive requiring federal agencies to mitigate critical Cisco ASA zero-day vulnerabilities

CISA has issued Emergency Directive 25-03, compelling U.S. federal civilian agencies to rapidly address critical zero-day vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower/FTD systems. Two vulnerabilities are central: CVE-2025-20333, which enables remote code execution, and CVE-2025-20362, which allows privilege escalation. The exploit campaign is extensive and highly sophisticated, including techniques that modify read-only memory (ROM) to maintain persistence across reboots and software upgrades.

Under the directive, agencies must immediately inventory all Cisco ASA and Firepower devices, collect forensic data (via core dumps), assess compromise, disconnect end-of-support systems, apply the required patches or upgrades, and report findings to CISA. Devices that are unsupported must be removed entirely. Because these perimeter assets are critical choke points, any compromise could offer attackers deep network access. The directive also urges non-federal organizations to heed the guidance and secure exposed Cisco firewall infrastructure.

Source: https://industrialcyber.co/cisa/cisa-issues-emergency-directive-requiring-federal-agencies-to-mitigate-critical-cisco-asa-zero-day-vulnerabilities/
