CISA warns exploited Cisco flaws are a serious risk, so patch now
Some agencies failed to properly apply the Cisco patch
- CISA warns agencies failed to properly patch two actively exploited Cisco firewall vulnerabilities
- CVE-2025-20333 and CVE-2025-20362 were linked to the ArcaneDoor campaign targeting government networks
- Over 32,000 devices remain vulnerable despite emergency directives and patching efforts
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning Federal Civilian Executive Branch (FCEB) agencies that some of them failed to properly patch two important Cisco vulnerabilities being actively exploited in the wild.
As a result, these agencies continue to be at risk of malware, infostealer, and possibly even ransomware attacks.
The two flaws in question are tracked as CVE-2025-20333 and CVE-2025-20362, discovered in September 2025 in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) software.
Mistakes in patching
At the time, Cisco said that both were exploited as zero-days to target 5500-X Series devices with web services enabled.
The company stressed the attacks were linked to the ArcaneDoor campaign that’s been active for years, going after government networks.
The same day, CISA issued an emergency directive, giving federal agencies just 24 hours to patch up or stop using the vulnerable software. Usually, when CISA adds a bug to its Known Exploited Vulnerabilities (KEV) catalog, it gives a three-week deadline for patching.
However, it seems that some agencies did not properly patch their systems and thus remained vulnerable.
“CISA is aware of multiple organizations that believed they had applied the necessary updates but had not in fact updated to the minimum software version,” the agency said in an updated advisory, published on November 12, 2025.
“CISA recommends all organizations verify the correct updates are applied. For agencies with ASA or Firepower devices not yet updated to the necessary software versions or devices that were updated after September 26, 2025, CISA recommends additional actions to mitigate against ongoing and new threat activity. CISA urges all agencies with ASAs and Firepower devices to follow this guidance.”
The Shadowserver Foundation currently tracks around 32,000 vulnerable devices, down from almost 40,000 a month ago. Progress, but slow.
Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.