The Clock is Ticking: CISA Orders Patches for Cisco Zero-Days
The U.S. Cybersecurity and Infrastructure Security Agency has directed federal agencies to patch two zero-day vulnerabilities affecting certain Cisco Systems devices. These vulnerabilities, identified as CVE-2025-20362 and CVE-2025-20333, impact Cisco's ASA 5500-X Series firewall appliances. Hackers are actively exploiting these flaws to install malware and gain unauthorized access to networks.
Maria Deutscher writes for SiliconANGLE
“The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated remote code execution on ASAs, as well as manipulating read-only memory (ROM) to persist through reboot and system upgrade,” CISA officials detailed in this week’s directive to federal agencies.
Federal agencies have been instructed to create an inventory of vulnerable systems and apply patches or disconnect affected devices by a specified deadline.