Cisco: Actively exploited firewall flaws now abused for DoS attacks

Source: BleepingComputer

Author: Sergiu Gatlan

URL: https://www.bleepingcomputer.com/news/security/cisco-actively-exploited-firewall-flaws-now-abused-for-dos-attacks/

ONE SENTENCE SUMMARY:

Cisco has released updates to address vulnerabilities in ASA and FTD firewalls being exploited in attacks causing reboot loops.

MAIN POINTS:

  1. Cisco released security updates on September 25 for vulnerabilities CVE-2025-20362 and CVE-2025-20333.
  2. CVE-2025-20362 allows unauthenticated access to restricted URLs.
  3. CVE-2025-20333 enables remote code execution on vulnerable devices.
  4. When chained, the two vulnerabilities let attackers gain full control over systems.
  5. CISA ordered federal agencies to secure or disconnect affected devices within 24 hours.
  6. Shadowserver tracks over 34,000 vulnerable ASA and FTD instances online.
  7. The vulnerabilities are now being exploited in denial-of-service (DoS) attacks.
  8. Attackers from the ArcaneDoor campaign are behind these exploits.
  9. Cisco fixed another critical vulnerability, CVE-2025-20363, in its IOS and firewall software.
  10. Cisco also issued new security patches for its Contact Center software to address critical flaws.

TAKEAWAYS:

  1. Immediate updates are crucial for securing Cisco firewall devices.
  2. The vulnerabilities can lead to severe consequences such as denial-of-service attacks.
  3. Federal agencies are under strict directives to safeguard network security.
  4. Shadowserver’s tracking shows the widespread presence of vulnerable systems.
  5. Continued vigilance and patching are vital as new threats emerge.