U.S. CISA Adds Cisco Secure Firewall ASA and Secure FTD Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added vulnerabilities in the Cisco Secure Firewall ASA and Secure FTD to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to take immediate action to protect their networks from potential exploitation.
CISA is aware of an ongoing exploitation campaign by an advanced threat actor targeting Cisco Adaptive Security Appliances (ASA), with the goal of exploiting zero-day vulnerabilities to gain unauthenticated remote code execution on ASAs and manipulating read-only memory (ROM) to persist through reboot and system upgrade. This activity presents a significant risk to victim networks, and CISA's emergency directive aims to mitigate this risk.
The campaign is connected to the ArcaneDoor activity identified in early 2024 and involves exploiting zero-day vulnerabilities in the Cisco ASA platform, as well as specific versions of Cisco Firepower. These vulnerabilities are considered high-risk and require immediate attention from federal agencies and private organizations alike.
CISA's Emergency Directive orders agencies to identify all Cisco ASA and Firepower devices and submit results by September 26, 2025. If compromised, devices must be isolated and impacted agencies must report the incidents. Additionally, agencies are required to update supported devices within strict deadlines, retire unsupported models, and report full inventories with actions taken by October 2, 2025.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies must address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. Experts also recommend that private organizations review the catalog and address the vulnerabilities in their infrastructure.
CISA urges federal agencies to fix the vulnerabilities by September 26, 2025, and reminds them that failure to do so may result in significant risks to network security.