CISA issues guidance on Cisco ASA and Firepower device vulnerabilities

The Cybersecurity and Infrastructure Security Agency provided implementation instructions to support federal bodies in addressing critical security faults affecting Cisco Adaptive Security Appliances and Firepower systems. These vulnerabilities are associated with risks that require immediate mitigation actions.

Two identified vulnerabilities, CVE-2025-20333 and CVE-2025-20362, impact several versions of Cisco's security device software. This includes specific minimum software versions that must be installed to remediate the issues. The vulnerabilities involve core functions within the security appliances that, if exploited, could compromise device integrity. The guidance highlights that some organizations believed they had implemented required updates but had not met the minimum software version criteria. For devices updated after September 26, 2025, or not yet updated, additional mitigation steps are detailed.

The consequences of these security gaps include increased exposure to ongoing threat actor activities that aim to exploit these devices.

The agency has developed and issued instructions detailing the required corrective patching measures and stresses the necessity of verifying the correct updates have been applied. For those devices still lacking compliance or updated recently, the guidance recommends further defensive steps to reduce risk.

The guidance documents include comprehensive recommendations and a tool known as the RayDetect scanner for inspecting Analog Signal Analyzer (ASA) core dumps for evidence of compromise by the RayInitiator malware. All affected agencies are directed to adhere to these recommendations in their response procedures.