Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive

Source: The Hacker News

Author: The Hacker News

URL: https://thehackernews.com/2025/09/urgent-cisco-asa-zero-day-duo-under.html

ONE SENTENCE SUMMARY:

Cisco urges immediate patching of critical zero-day vulnerabilities in VPN software, exploited by threat actors to execute remote attacks.

MAIN POINTS:

  1. Cisco warns of two zero-day flaws in ASA and FTD software.
  2. CVE-2025-20333 allows authenticated attackers to execute arbitrary code as root.
  3. CVE-2025-20362 enables unauthorized access to restricted URLs.
  4. Both vulnerabilities are being actively exploited in the wild.
  5. Attackers may chain both flaws to bypass authentication before executing code.
  6. The flaws are linked to the ArcaneDoor threat cluster and UAT4356 actor.
  7. CISA issues emergency directive for immediate mitigation efforts.
  8. The vulnerabilities are included in the Known Exploited Vulnerabilities catalog.
  9. The attacks include memory manipulation that persists across reboots and software upgrades.
  10. Firepower appliances with Secure Boot can detect ROM manipulation attempts.

TAKEAWAYS:

  1. Immediate patching of VPN software is essential to prevent remote code execution.
  2. Awareness of ArcaneDoor’s campaign is crucial for network defense strategies.
  3. Rapid response following CISA’s directive can mitigate potential threats.
  4. Understanding the vulnerabilities aids in recognizing threat actor tactics.
  5. Monitoring Firepower systems’ Secure Boot can help detect ROM attacks.