The CISA issued an urgent warning that federal agencies must immediately patch two actively exploited Cisco ASA and Firepower vulnerabilities, CVE-2025-20362 and CVE-2025-20333. The flaws allow unauthenticated access to restricted endpoints and remote code execution, and when chained, give attackers full control of affected devices. Although Cisco patched the bugs in September after observing zero-day exploitation tied to the ArcaneDoor campaign, after many agencies incorrectly believed they had updated to safe versions.
Gunter Ollmann, CTO, Cobalt had this to say:
“The ongoing exploitation of these Cisco flaws highlights how attackers increasingly rely on chaining weaknesses to gain rapid, unauthenticated control over perimeter devices. These types of edge-network compromises are particularly attractive because they create a launch point that bypasses many downstream defenses. The challenge is that organizations still struggle to validate their exposure in real-world terms, even when patches exist. Offensive testing helps reveal whether the environment behaves as expected after updates and whether an attacker could still traverse overlooked paths. Mature programs treat patching as the starting point, not the finish line, and use adversarial validation to catch residual gaps before threat actors do.”
Wade Ellery, Chief Evangelist and IAM Strategy Officer, Radiant Logic follows with this:
“When firewalls or VPN gateways are compromised, attackers often pivot quickly into identity systems because credentials remain one of the most reliable pathways to deeper access. Incidents like this reveal how perimeter flaws can cascade into identity-based risks when agencies lack unified visibility across accounts, entitlements, and authentication patterns. The limitation is that many organizations still operate with fragmented identity data, making it hard to detect suspicious changes that follow network intrusions. Strengthening identity observability provides the context needed to spot anomalies early and contain lateral movement before privileges accumulate. Agencies that unify and observe identity data will be better positioned to absorb these infrastructure-level shocks and maintain Zero Trust resilience.”
Once again it’s time to patch all the things because of an actively exploited threat. The “fun” never ends in this business.
Related
This entry was posted on November 13, 2025 at 2:05 pm and is filed under Commentary with tags CISA. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
CISA warning: Patch actively exploited Cisco flaws ASAP
The CISA issued an urgent warning that federal agencies must immediately patch two actively exploited Cisco ASA and Firepower vulnerabilities, CVE-2025-20362 and CVE-2025-20333. The flaws allow unauthenticated access to restricted endpoints and remote code execution, and when chained, give attackers full control of affected devices. Although Cisco patched the bugs in September after observing zero-day exploitation tied to the ArcaneDoor campaign, after many agencies incorrectly believed they had updated to safe versions.
Gunter Ollmann, CTO, Cobalt had this to say:
“The ongoing exploitation of these Cisco flaws highlights how attackers increasingly rely on chaining weaknesses to gain rapid, unauthenticated control over perimeter devices. These types of edge-network compromises are particularly attractive because they create a launch point that bypasses many downstream defenses. The challenge is that organizations still struggle to validate their exposure in real-world terms, even when patches exist. Offensive testing helps reveal whether the environment behaves as expected after updates and whether an attacker could still traverse overlooked paths. Mature programs treat patching as the starting point, not the finish line, and use adversarial validation to catch residual gaps before threat actors do.”
Wade Ellery, Chief Evangelist and IAM Strategy Officer, Radiant Logic follows with this:
“When firewalls or VPN gateways are compromised, attackers often pivot quickly into identity systems because credentials remain one of the most reliable pathways to deeper access. Incidents like this reveal how perimeter flaws can cascade into identity-based risks when agencies lack unified visibility across accounts, entitlements, and authentication patterns. The limitation is that many organizations still operate with fragmented identity data, making it hard to detect suspicious changes that follow network intrusions. Strengthening identity observability provides the context needed to spot anomalies early and contain lateral movement before privileges accumulate. Agencies that unify and observe identity data will be better positioned to absorb these infrastructure-level shocks and maintain Zero Trust resilience.”
Once again it’s time to patch all the things because of an actively exploited threat. The “fun” never ends in this business.
Share this:
Like this:
Related
This entry was posted on November 13, 2025 at 2:05 pm and is filed under Commentary with tags CISA. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.