Cisco Warns of Active Exploitation of Firewall Flaws for DoS Attacks
Cisco has issued a critical warning regarding the active exploitation of two vulnerabilities in its ASA and FTD firewalls, which are now being used to trigger reboot loops and launch Denial of Service (DoS) attacks. These vulnerabilities, CVE-2025-20362 and CVE-2025-20333, were previously used in zero-day attacks and have now been weaponized by threat actors.
The tech giant released security updates on September 25 to address these flaws, noting that CVE-2025-20362 enables unauthorized access to restricted endpoints, while CVE-2025-20333 allows authenticated attackers to execute code remotely. Chained together, the two flaws give remote, unauthenticated attackers complete control over unpatched systems.
The same day, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive requiring U.S. federal agencies to patch their Cisco firewall devices within 24 hours and to disconnect ASA devices reaching their end-of-support (EoS) from federal networks. Threat monitoring service Shadowserver is currently tracking over 34,000 internet-exposed ASA and FTD instances vulnerable to these attacks, down from nearly 50,000 unpatched firewalls spotted in September.
Cisco's spokesperson revealed that the company became aware of a new attack variant on November 5, 2025, targeting devices running Cisco Secure ASA or Cisco Secure FTD Software releases affected by the same vulnerabilities. This attack can cause unpatched devices to unexpectedly reboot, leading to DoS conditions. The ArcaneDoor campaign, linked to the UAT4356 threat group, has been exploiting these vulnerabilities to breach government networks worldwide since November 2023.
Cisco also addressed a third critical vulnerability (CVE-2025-20363) in its Cisco IOS and firewall software, which could allow unauthenticated threat actors to execute arbitrary code remotely. However, the company stated that it was unaware of any public announcements or malicious use of this vulnerability.
Since the initial patch, attackers have exploited another recently patched RCE vulnerability (CVE-2025-20352) to deploy rootkit malware on unprotected Linux boxes. Additionally, Cisco released security updates on Thursday to patch critical flaws in its Contact Center software that could allow attackers to bypass authentication and execute commands with root privileges.
Cisco strongly recommends that all customers upgrade to the provided software fixes to mitigate these security risks.