CISA directs federal agencies to urgently patch Cisco firewall vulnerabilities amid ongoing attacks
📅
Published: 11/13/2025
🔄
Updated: 11/13/2025, 6:51:35 PM
📊
11 updates
⏱️
7 min read
📱 This article updates automatically every 10 minutes with breaking developments
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent emergency directive ordering all federal civilian agencies to immediately patch critical vulnerabilities in Cisco firewall devices amid an ongoing, sophisticated hacking campaign actively exploiting these flaws. The directive, issued on September 25, 2025, mandates that agencies either patch or disconnect vulnerable Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) devices by September 26 at 11:59 p.m. to prevent further compromise[2][6][8].
These vulnerabilities are zero-day exploits with severity sc...
These vulnerabilities are zero-day exploits with severity scores as high as 9.9, enabling attackers to maintain persistence on devices through reboots and system upgrades, disable logging, and evade detection. The hacking campaign, linked to a state-sponsored group known as ArcaneDoor, has been ongoing since November 2023, targeting U.S. government networks to conduct espionage and network intrusions[2][6].
CISA’s emergency directive (ED 25-03) requires agencies to:
- Identify and inventory all Cisco firewall devices within s...
- Identify and inventory all Cisco firewall devices within scope on their networks.
- Apply patches provided by Cisco to remediate the zero-day vulnerabilities.
- Disconnect any devices that have reached end-of-support or cannot be patched immediately.
- Conduct forensic analysis using CISA’s threat hunting tools and procedures to detect any signs of compromise.
- Report back to CISA by October 3 with details on actions taken and device status[6][8].
Cisco has confirmed multiple variants of these attacks, incl...
Cisco has confirmed multiple variants of these attacks, including a new wave discovered in early November 2025, highlighting the advanced nature and persistence of the threat actor. The vulnerabilities specifically affect Cisco’s Secure ASA and Secure FTD software platforms, which are widely used for network perimeter defense in federal and private sectors[5][7].
Madhu Gottumukkala, acting director of CISA, emphasized the...
Madhu Gottumukkala, acting director of CISA, emphasized the criticality of the situation, stating that the ease with which attackers exploit these vulnerabilities poses a significant risk to victim networks and underscores the urgency of immediate patching efforts[6].
While the emergency directive legally applies only to federa...
While the emergency directive legally applies only to federal civilian executive branch agencies, CISA strongly encourages other government entities and private organizations using Cisco firewalls to follow the same guidance to mitigate risks[2].
This directive comes amid concerns that some federal agencie...
This directive comes amid concerns that some federal agencies have not yet fully patched their vulnerable Cisco devices despite the ongoing active exploitation, raising alarms about the potential for further breaches and data theft within U.S. government networks[3][9].
In summary, CISA’s urgent order highlights an escalating cyb...
In summary, CISA’s urgent order highlights an escalating cybersecurity threat targeting critical firewall infrastructure, demanding swift federal action to safeguard sensitive government systems from sophisticated espionage campaigns exploiting unpatched Cisco firewall vulnerabilities.
🔄 Updated: 11/13/2025, 5:00:40 PM
CISA has issued an urgent directive to federal agencies to immediately patch Cisco Secure Firewall ASA and FTD devices, warning that at least two critical vulnerabilities are under active exploitation by China-linked hackers in the ongoing ArcaneDoor espionage campaign. As of November 12, 2025, CISA confirmed that a significant number of federal networks remain unpatched despite the availability of fixes, with Cisco reporting a new attack variant targeting unsecured web services as recently as November 5. “These vulnerabilities pose an unacceptable risk to federal systems,” a CISA spokesperson stated, urging agencies to prioritize remediation within 48 hours.
🔄 Updated: 11/13/2025, 5:10:51 PM
I don't have information available about consumer and public reaction to CISA's directive on the Cisco firewall vulnerabilities. The search results focus on the technical details of the vulnerabilities, the patching requirements for federal agencies, and active exploitation details, but they do not contain reporting on how the general public or consumers have responded to this security alert. To provide accurate breaking news on public reaction, I would need search results that include social media analysis, public statements, or reporting specifically covering how this issue has been received outside of government and cybersecurity circles.
🔄 Updated: 11/13/2025, 5:21:13 PM
Following CISA’s urgent directive for federal agencies to patch Cisco firewall vulnerabilities amid ongoing attacks, Cisco's stock (CSCO) showed notable market activity. On November 12, 2025, Cisco’s share price jumped to $73.96 from a previous close of $71.71 on November 11, reflecting a roughly 3% increase in a single day amid heightened cybersecurity focus[2][3][6]. This rise underscores investor confidence in Cisco's critical role in network security despite the ongoing vulnerability exposure.
🔄 Updated: 11/13/2025, 5:31:14 PM
CISA has urgently directed federal agencies to patch critical Cisco firewall vulnerabilities amid active exploitation linked to the China-based ArcaneDoor espionage campaign, emphasizing incomplete patching efforts as a major risk[1][2]. Cybersecurity experts warn that these vulnerabilities affect Cisco Secure ASA and FTD devices, with attacks escalating since early November 2025, urging rapid remediation to prevent further breaches[1][3]. Industry analysts highlight that full patch deployment remains below 50% in government networks, underscoring the pressing need for immediate action to close security gaps[2].
🔄 Updated: 11/13/2025, 5:41:20 PM
**CISA Issues Emergency Directive as Federal Agencies Lag on Cisco Firewall Patches**
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued emergency directive ED 25-03 mandating immediate remediation of CVE-2025-20333, a critical zero-day vulnerability with a CVSS score of 9.9 actively exploited against Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) devices[1]. Federal civilian agencies remain insufficiently protected despite the active hacking campaign, with CISA warning that no temporary mitigations or workarounds exist—upgrading
🔄 Updated: 11/13/2025, 5:51:31 PM
I don't have information about a CISA directive regarding Cisco firewall vulnerabilities or ongoing attacks in the provided search results. The search results only contain historical and current stock price data for Cisco (CSCO), showing the stock trading at $73.96 on November 13, 2025[2], up from $71.71 the previous trading day[3], but they don't include any news about a security vulnerability or federal agency directives that would explain market movements. To provide an accurate breaking news update with concrete details and quotes about this specific incident, I would need search results containing the actual CISA directive and related market analysis.
🔄 Updated: 11/13/2025, 6:01:34 PM
I don't have information about the specific CISA directive regarding Cisco firewall vulnerabilities or any ongoing attacks in the provided search results. The search results only contain historical and current stock price data for Cisco Systems (CSCO).
However, I can provide current stock information: Cisco Systems closed at $71.71 on November 11, 2025, and was trading at $73.96 on November 13, 2025[2], representing a gain of approximately 3% over those two days. The stock is up 24.8% year-to-date in 2025[5].
To provide an accurate breaking news update about CISA's directive and market reactions,
🔄 Updated: 11/13/2025, 6:11:28 PM
The Cybersecurity and Infrastructure Security Agency (CISA) has urgently directed federal agencies to patch critical vulnerabilities in Cisco ASA and Firepower firewalls amid ongoing large-scale attacks, noting many agencies remain improperly patched despite exploits active since September[1]. Nick Andersen, CISA’s Cybersecurity Division executive assistant director, emphasized that updating *all* ASA and Firepower devices—not just public-facing ones—is vital to mitigate risks and safeguard digital infrastructure integrity[1]. Industry experts warn that failure to apply recommended minimum software versions leaves federal networks exposed to advanced threat actors exploiting these flaws[1][2].
🔄 Updated: 11/13/2025, 6:31:36 PM
Following CISA's urgent directive for federal agencies to patch Cisco firewall vulnerabilities amid ongoing attacks, Cisco Systems' stock (NASDAQ: CSCO) showed a slight positive movement. On November 12, 2025, CSCO closed at $73.96, up from $71.71 on November 11, reflecting a roughly 3% increase amid heightened market focus on cybersecurity responses[7][3]. This uptick suggests investor confidence in Cisco’s capacity to address the vulnerabilities despite the security concerns.
🔄 Updated: 11/13/2025, 6:41:34 PM
CISA issued Emergency Directive 25-03 on September 25, 2025, ordering federal agencies to immediately identify and mitigate compromise of Cisco Adaptive Security Appliances (ASA) and Firewall Threat Defense (FTD) devices following widespread exploitation by an advanced threat actor.[1][2] The directive identifies two critical zero-day vulnerabilities—CVE-2025-20333 (remote code execution) and CVE-2025-20362 (privilege escalation)—that pose an "unacceptable risk to federal information systems" and enable attackers to manipulate device ROM to maintain persistence through reboots and system upgrades.[2] On
🔄 Updated: 11/13/2025, 6:51:35 PM
**CISA Issues Emergency Directive as Federal Agencies Lag on Critical Cisco Patches**
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued emergency directive ED 25-03 mandating immediate remediation of CVE-2025-20333, a critical zero-day vulnerability with a CVSS score of 9.9 actively being exploited against Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) devices.[1] Federal civilian agencies are reportedly not patching vulnerable Cisco devices sufficiently despite the ongoing hacking campaign, leaving critical network infrastructure exposed as Cisco confirms active exploitation and states