Widespread Hack Hits Cisco Firewalls Via Zero-Day Flaws
The US is urging companies and government agencies to patch newly disclosed flaws in Cisco firewall products, warning that an advanced hacking group is already exploiting them. On Thursday, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive (ED 25-03) that requires federal civilian executive branch agencies to address the flaws, either by patching the affected Cisco products or by disconnecting them.
The threat involves two "zero-day" vulnerabilities, CVE-2025-20362 and CVE-2025-20333, in the software that runs Cisco's Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) products, the very systems meant to keep unauthorized users out. When chained together, the flaws "could allow an unauthenticated, remote attacker to gain full control of an affected device," Cisco said.
On its own, CVE-2025-20362 is a missing-authorization bug: an attacker can send "specifically crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication," Cisco added. That unauthenticated access is what makes the chain work, because the second flaw, CVE-2025-20333, is a code-execution bug in the same VPN web server that would otherwise require valid credentials to reach. The danger is particularly serious because the attackers have been observed modifying the device's boot firmware (ROMMON) to maintain access to a victim's network across reboots and upgrades of the firewall software.
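To make the weakness class concrete, here is an added illustrative model of how a "restricted URL reachable without authentication" flaw arises and how a deny-by-default router avoids it. This is example code written for this article, not Cisco's code and not a reproduction of the ASA bug; the `Request` type, the route names and the handlers are constructed assumptions.

```python
"""Illustrative model of CWE-862-style missing authorization on a restricted URL.

Added example for this article; it is not Cisco code and does not model the ASA
web server. Routes, handlers and the Request type are constructed for the demo.
"""
import posixpath
from dataclasses import dataclass
from typing import Callable, Dict
from urllib.parse import urlsplit


@dataclass
class Request:
    """Constructed stand-in for an HTTP request: the path exactly as sent, plus
    whether the caller presented a valid session (auth transport is out of scope)."""
    raw_path: str
    authenticated: bool = False


Handler = Callable[[Request], str]


def login(req: Request) -> str:
    return "200 login form"


def health(req: Request) -> str:
    return "200 ok"


def admin_config(req: Request) -> str:
    return "200 running configuration"


def admin_upload(req: Request) -> str:
    # A second bug inside this handler (say, a memory-safety flaw in the upload
    # parser) is only reachable pre-auth if the check in front of it is missing.
    return "200 upload accepted"


# Constructed route table: two public endpoints, two that must require a session.
ROUTES: Dict[str, Handler] = {
    "/login": login,
    "/health": health,
    "/admin/config": admin_config,
    "/admin/upload": admin_upload,
}


def canonical_path(raw_path: str) -> str:
    """Normalize the path the way dispatch will interpret it (drop the query
    string, collapse '.' and '..'), so the authorization decision and the
    dispatch decision see the same string."""
    path = urlsplit(raw_path).path or "/"
    path = posixpath.normpath(path)
    return path if path.startswith("/") else "/" + path


def dispatch_vulnerable(req: Request) -> str:
    """Opt-in authorization: only paths someone remembered to list are checked,
    and the check runs on the raw path while dispatch runs on the normalized one.
    /admin/upload was never added to the list, so it is reachable without a session."""
    restricted = {"/admin/config"}
    handler = ROUTES.get(canonical_path(req.raw_path))
    if handler is None:
        return "404 not found"
    if req.raw_path in restricted and not req.authenticated:
        return "403 forbidden"
    return handler(req)


def dispatch_hardened(req: Request) -> str:
    """Deny by default: a short allowlist of public paths, everything else needs
    a session, and the check uses the same canonical path that dispatch uses."""
    public = {"/login", "/health"}
    path = canonical_path(req.raw_path)
    handler = ROUTES.get(path)
    if handler is None:
        return "404 not found"
    if path not in public and not req.authenticated:
        return "403 forbidden"
    return handler(req)


if __name__ == "__main__":
    for raw in ("/health", "/admin/upload", "/admin/./config", "/admin/config"):
        req = Request(raw)  # unauthenticated caller
        print(f"{raw:18} vulnerable={dispatch_vulnerable(req)!r:30} "
              f"hardened={dispatch_hardened(req)!r}")
```

The two failure modes in `dispatch_vulnerable` are the ones worth remembering: an endpoint that was simply never added to the restricted list, and a check that compares a different string (the raw path) from the one the router actually uses to pick a handler. `dispatch_hardened` removes both by listing what is public rather than what is private, and by canonicalizing once before either decision.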
That persistence has been found only on certain older Cisco ASA 5500-X Series appliances, models that lack the Secure Boot and Trust Anchor protections of newer hardware and that were running the vulnerable software. A second concern is that the group may have been exploiting the flaws for months before they were disclosed. Both CISA and Cisco have linked the current exploitation to a campaign disclosed last year called "ArcaneDoor," which also targeted Cisco firewall products and which may have involved Chinese hackers.
As a result, companies and government departments need to do more than patch the affected systems: because a compromised device can survive a software upgrade, they also have to look for evidence of compromise. The threat has since grown into what CISA calls a "widespread campaign," with the activity likely affecting US critical infrastructure.
What You Need to Know:
- CISA has issued an emergency directive requiring federal civilian executive branch agencies to address the flaws.
- The threat involves two zero-day vulnerabilities in Cisco firewall products.
- Companies and government agencies need to patch affected systems and look for evidence of compromise.
- A third vulnerability, CVE-2025-20363, a separate code-execution flaw in the web services of Cisco ASA, FTD and IOS software, has also been patched by Cisco; it was not reported as being exploited.
Protect Your Network:
With exploitation already under way, the priority is to act now. Here are the steps to take:
- Check whether your ASA or FTD software is on an affected release and apply Cisco's fixed release as soon as possible; Cisco lists no workaround that substitutes for the patch.
- Before and after patching, look for evidence of compromise. Because the attackers have persisted across reboots and software upgrades, a clean upgrade does not prove a device was never compromised; isolate any device that shows signs of tampering and preserve it for investigation rather than simply rebuilding it.
- Monitor network and device activity for suspicious behaviour, including unexpected configuration changes and unauthorized access to the management or VPN web interface.
- Replace hardware that no longer receives software fixes. End-of-support appliances cannot be patched and should be disconnected, as CISA's directive requires for federal agencies.
Stay Informed:
For the latest updates on this threat and how to protect yourself, stay tuned to our website and follow us on social media. We'll provide you with the latest news, tips, and advice on how to keep your network secure.