Close Menu

    Subscribe to Updates

    Get the latest tech news from Tallwire.

      What's Hot

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

      July 16, 2026

      Record Industry Pushes for AI Labels on Streaming Music

      July 15, 2026
      Facebook X (Twitter) Instagram
      • Tech
      • AI
      • Get In Touch
      Facebook X (Twitter) LinkedIn
      TallwireTallwire
      • Tech

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

        July 14, 2026

        AI Protesters March on Silicon Valley Giants Demanding Development Freeze

        July 14, 2026
      • AI

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Record Industry Pushes for AI Labels on Streaming Music

        July 15, 2026

        AI Chatbots Increasingly Clash With Eating Disorder Treatment

        July 15, 2026

        Anthropic Doubles Down on New York as AI Talent War Intensifies

        July 15, 2026
      • Security

        China’s AI Distillation Campaign Raises New Concerns Over U.S. Technology Security

        July 13, 2026

        AI Tools Increasingly Exploited by Terrorist Organizations, New Research Finds

        July 13, 2026

        Pentagon Expands Engineering Recruitment to Restore America’s Military Technology Edge

        July 13, 2026

        EU Lawmakers Advance Controversial Private Message Scanning Measure Despite Mounting Privacy Concerns

        July 12, 2026

        Scramble Intensifies to Secure America Against Emerging AI National Security Threats

        July 12, 2026
      • Health

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        AI Chatbots Increasingly Clash With Eating Disorder Treatment

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Humanoid Robots Complete First Live Surgical Procedures in Medical Milestone

        July 14, 2026

        Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

        July 14, 2026
      • Science

        AI Chatbots Face Growing Scrutiny as Mental Health Risks Draw Medical Alarm

        July 16, 2026

        U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

        July 16, 2026

        Scientists Advance “StormWall” Concept to Defend Earth from Catastrophic Solar Storms

        July 15, 2026

        Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

        July 15, 2026

        Humanoid Robots Complete First Live Surgical Procedures in Medical Milestone

        July 14, 2026
      • Tech

        AI Protesters March on Silicon Valley Giants Demanding Development Freeze

        July 14, 2026

        Palo Alto Networks CEO Warns AI Costs Must Plunge Before Enterprise Adoption Can Accelerate

        July 14, 2026

        DeepMind Unionization Effort Encounters Early Resistance as Labor Talks Stall

        July 11, 2026

        Always-On Workplace Culture Pushes Employees Toward the Breaking Point

        July 10, 2026

        High-Income Families Embrace AI-Driven Schools as Alternative Education Expands

        July 9, 2026
      TallwireTallwire
      Home»Tech»Tens of Thousands of Cisco Firewalls Under Active Assault
      Tech

      Tens of Thousands of Cisco Firewalls Under Active Assault

      Updated:December 25, 20254 Mins Read
      Facebook Twitter Pinterest LinkedIn Tumblr Email
      Tens of Thousands of Cisco Firewalls Under Active Assault
      Tens of Thousands of Cisco Firewalls Under Active Assault
      Share
      Facebook Twitter LinkedIn Pinterest Email

      Roughly 48,800 internet-exposed Cisco ASA and FTD firewalls remain vulnerable to two actively exploited zero-day flaws (CVE-2025-20333 and CVE-2025-20362), despite warnings and patches being issued as of September 2025. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has responded by issuing Emergency Directive 25-03, mandating all federal civilian agencies to inventory affected devices, perform forensic analysis, and patch or isolate compromised systems by very tight deadlines. The vulnerabilities allow remote code execution and unauthorized access, and threat actors have demonstrated firmware persistence techniques to survive reboots and upgrades. Security firms tie the campaign to the ArcaneDoor (aka Storm-1849 / UAT4356) espionage group, with possible state backing and a history of targeting perimeter devices. Cisco alongside global cybersecurity agencies (like the UK’s NCSC) have urged immediate remediation and outlined that no viable workaround exists.

      Sources: Bleeping Computer, TechRadar

      Key Takeaways

      – These vulnerabilities permit either remote code execution with valid VPN credentials (CVE-2025-20333) or unauthenticated access to restricted VPN endpoints (CVE-2025-20362), and the two can be chained together.

      – The threat actors have demonstrated advanced persistence via modifications to read-only memory (ROM), enabling malicious payloads to survive reboots and upgrades.

      – CISA’s Emergency Directive 25-03 forces federal agencies to act within hours, making this a high-stakes situation; organizations outside government are also strongly urged in industry advisories to treat the risk seriously.

      In-Depth

      In late September 2025, Cisco publicly acknowledged that two zero-day vulnerabilities in its Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) products—CVE-2025-20333 and CVE-2025-20362—were being actively exploited in the wild. The first vulnerability, CVE-2025-20333, is a remote code execution flaw that requires valid VPN credentials. An attacker who controls that channel can craft HTTP(S) requests to execute arbitrary code as root on the affected system. Cisco rates the severity at 9.9 (critical). The second, CVE-2025-20362, is a missing authorization issue that allows access to restricted web endpoints without authentication. Together, the two can be chained to overcome credential barriers and fully compromise a firewall. Cisco has confirmed evidence of exploitation using both.

      The urgency is heightened by the stealth of the attacks. Adversaries have reportedly modified the firmware or bootloader (ROM) of compromised devices so that their presence persists across reboots and software upgrades. Indicators of compromise include disabled logging, suppression of CLI commands, and intentional crashing of devices to thwart detection. Cisco’s Event Response team and external researchers believe the attacker used both vulnerabilities in the current campaign.

      In response, CISA issued Emergency Directive 25-03, compelling all federal civilian agencies to locate every ASA and Firepower device in their networks, collect memory dumps and forensic data, and patch or disconnect vulnerable units by a hard deadline (reports suggest by September 26 or shortly after). The vulnerabilities were simultaneously added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, increasing regulatory pressure. Though the directive formally applies to the U.S. federal civilian sphere, many security vendors and national agencies have warned private and critical infrastructure operators to heed the same mitigation guidance.

      The threat actor behind these exploits is believed to be ArcaneDoor (also tracked as UAT4356 or Storm-1849). This group has been tied to prior espionage campaigns targeting Cisco devices, dating back to early 2024, and analysts from firms such as Palo Alto’s Unit 42 have linked this latest campaign as a resurgence or continuation of earlier intrusion activity. Some threat intelligence firms suggest connections to state-affiliated cyber operations, with certain scans and infrastructure overlap pointing toward Chinese networks (though attribution remains non-public and unconfirmed).

      From a defense standpoint, the situation is grave because no effective mitigations short of applying patches or disabling vulnerable features exist. Cisco itself states that there is no workaround that fully removes the risk. System administrators are urged to follow Cisco’s patch guidance precisely, reimage or replace compromised hardware, monitor for anomalous traffic, and tighten exposure of VPN/web interfaces. In many cases, legacy or end-of-life devices must be removed entirely.

      Because perimeter firewalls like ASA and FTD are central to network defenses, compromising them opens the door to full network infiltration: attackers may intercept or redirect traffic, plant lateral footholds, and exfiltrate sensitive data undetected. Given how long adversaries may have been probing or operating (some reconnaissance activity dates back to late 2024), organizations should assume compromise is possible until proven otherwise. The speed of response matters: once patches or vulnerability details are public, adversaries often escalate attack volume. The window is narrow, and in this case, the pressure is real.

      Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
      Previous ArticleTencent Unveils ‘Parallel-Thinking’ AI Boost to Sharpen Reasoning
      Next Article Tesla Activates Its First Full-V4 Supercharger, Marking a 500 kW Charging Leap

      Related Posts

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

      July 15, 2026

      Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

      July 15, 2026

      Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

      July 14, 2026
      Add A Comment
      Leave A Reply Cancel Reply

      Editors Picks

      U.S. Biotechs Turn to Secrecy as China Accelerates Drug Development Race

      July 16, 2026

      Fiat Bets on Tiny EV as Affordable Transportation Returns to the Spotlight

      July 15, 2026

      Personalized UVB Device Promises Vitamin D Benefits While Raising Questions About Medicalizing Everyday Health

      July 15, 2026

      Meta Patent Ignites Fresh Fears Over AI-Powered Emotional Surveillance

      July 14, 2026
      Popular Topics
      Tesla Stocks Series B Sundar Pichai Satellite Space Samsung trending Software Series A Tim Cook Viral Taiwan Tech Startup starlink spotlight SpaceX UAE Tech Tesla Cybertruck Satya Nadella
      Major Tech Companies
      • Apple News
      • Google News
      • Meta News
      • Microsoft News
      • Amazon News
      • Samsung News
      • Nvidia News
      • OpenAI News
      • Tesla News
      • AMD News
      • Anthropic News
      • Elbit News
      AI & Emerging Tech
      • AI Regulation News
      • AI Safety News
      • AI Adoption
      • Quantum Computing News
      • Robotics News
      Key People
      • Sam Altman News
      • Jensen Huang News
      • Elon Musk News
      • Mark Zuckerberg News
      • Sundar Pichai News
      • Tim Cook News
      • Satya Nadella News
      • Mustafa Suleyman News
      Global Tech & Policy
      • Israel Tech News
      • India Tech News
      • Taiwan Tech News
      • UAE Tech News
      Startups & Emerging Tech
      • Series A News
      • Series B News
      • Startup News
      Tallwire
      Facebook X (Twitter) LinkedIn Threads Instagram RSS
      • Tech
      • Entertainment
      • Business
      • Government
      • Academia
      • Transportation
      • Legal
      • Press Kit
      © 2026 Tallwire. Optimized by ARMOUR Digital Marketing Agency.

      Type above and press Enter to search. Press Esc to cancel.