The Cybersecurity and Infrastructure Security Agency (CISA) has identified critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower Threat Defense (FTD) devices that require immediate attention from federal agencies. Under Emergency Directive 25-03, CISA emphasizes that all agencies must comply fully with the patching requirements to protect federal information systems. The two vulnerabilities, CVE-2025-20333, which enables remote code execution, and CVE-2025-20362, which allows privilege escalation, have been actively exploited in the wild.
Despite reported compliance, many agencies were found to be running outdated software that left them exposed to active threats, which points to a gap in how the patch requirements were understood. The situation shows why comprehensive patching strategies have to cover every type of device on federal networks. CISA has provided specific minimum software versions that agencies must meet for their ASA and Firepower devices. Non-compliant agencies face corrective action from CISA so that vulnerable systems are patched promptly and efficiently, reinforcing the importance of robust cybersecurity measures across federal infrastructure.
👉 Read the original: Cyber Security News