Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA Emergency Directive ED 25-03 for Cisco ASA vulnerabilities

Public Sector Action
First reported
Last updated
Happening score
H score 53
2 unique sources, 2 articles

Summary

Hide ▲

CISA warned U.S. federal agencies to fully patch Cisco ASA and Firepower devices for CVE-2025-20362 and CVE-2025-20333, which are actively exploited and can be chained for unauthenticated remote code execution and complete control of vulnerable firewalls. Cisco said the bugs were abused as zero-days against 5500-X Series devices with VPN web services enabled, and the activity is linked to ArcaneDoor. CISA’s Emergency Directive 25-03 requires agencies to patch all affected devices immediately, while Shadowserver tracks over 30,000 vulnerable devices.

Related Happenings

Cisco ThousandEyes and Nexus security patches

Security Patch Release
First: 21.05.2026 15:04 Last: 21.05.2026 15:04 Sources 1

About this happening: Cisco released patches for **three medium-severity vulnerabilities** affecting **ThousandEyes Virtual Appliance**, **ThousandEyes Enterprise Agent**, and **Nexus 3000/9000 switche...

Open Happening

CISA KEV remediation order for Cisco Catalyst SD-WAN Controller CVE-2026-20182

Public Sector Action
First: 15.05.2026 08:28 Last: 15.05.2026 08:28 Sources 1

About this happening: **CISA** added **CVE-2026-20182** to the **KEV catalog** and ordered **Federal Civilian Executive Branch agencies** to remediate **Cisco Catalyst SD-WAN Controller** by **May 17,...

Open Happening

Cisco Catalyst SD-WAN authentication bypass flaw actively exploited (CVE-2026-20182)

Vulnerability
First: 14.05.2026 23:09 Last: 14.05.2026 23:09 Sources 1

About this happening: **CVE-2026-20182** is an actively exploited **authentication bypass** in **Cisco Catalyst SD-WAN Controller** and **Cisco Catalyst SD-WAN Manager**, creating a path to **administr...

Latest development: 14.05.2026 23:25

Cisco released a patch for CVE-2026-20182, giving organizations using Cisco Catalyst SD-WAN Controllers a way to block the authentication bypass before UAT-8616 can continue using it for administrative access, SSH key insertion, NETCONF changes, and root escalation.

Open Happening

CISA KEV order for Copy Fail on federal Linux devices

Public Sector Action
First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **CISA** added **Copy Fail** to the **Known Exploited Vulnerabilities (KEV) Catalog**, making the Linux flaw a federal remediation priority. The agency ordered **federal agencies*...

Open Happening

Cisco security patch release for CVE-2026-20188

Security Patch Release
First: 06.05.2026 21:06 Last: 06.05.2026 21:06 Sources 1

About this happening: **Cisco** released security updates for **CVE-2026-20188**, a high-severity **DoS vulnerability** in **Crosswork Network Controller (CNC)** and **Network Services Orchestrator (NS...

Open Happening

Timeline

  1. 25.09.2025 21:17 3 articles · 8mo ago

    CISA issues Emergency Directive ED 25-03 for Cisco ASA zero-days

    Legal Policy Action Update

    CISA issues Emergency Directive ED 25-03 ordering U.S. federal agencies to identify, analyze, and mitigate potential compromises involving Cisco Adaptive Security Appliances (ASA) after CVE-2025-20333 and CVE-2025-20362 were exploited in the wild; the directive places both flaws in the Known Exploited Vulnerabilities (KEV) catalog, requires mitigations within 24 hours, and warns of an ongoing widespread campaign linked to UAT4356 (aka Storm-1849), ArcaneDoor, and ROM manipulation that can persist through reboot and system upgrade.

    Show sources
    Open in new tab