
Cisco ASA/FTD Zero-Day Exploits Prompt CISA Emergency Directive
Cisco has disclosed two zero-day vulnerabilities in its ASA and FTD firewall platforms, which are currently being exploited in the wild. The vulnerabilities, CVE-2025-20333 (CVSS 9.9) and CVE-2025-20362 (CVSS 6.5), pose significant risks. CVE-2025-20333 allows an authenticated attacker to execute arbitrary code with root privileges via HTTPS requests, while CVE-2025-20362 enables an unauthenticated attacker to access restricted URLs without logging in. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive (ED 25-03) requiring federal agencies to patch or mitigate these vulnerabilities within 24 hours due to active exploitation by the threat group ArcaneDoor.

These vulnerabilities underscore the critical need for timely patching and robust network security measures. Organizations using Cisco ASA or FTD devices should immediately apply patches, monitor network traffic for suspicious activity, and implement additional mitigations such as network segmentation and access controls on management interfaces. The exploitation of these vulnerabilities highlights the ongoing challenges in securing network infrastructure and the importance of proactive cybersecurity practices.