The Cybersecurity and Infrastructure Security Agency issued Emergency Directive ED 25-03 on September 25, 2025, requiring federal agencies to patch two critical Cisco vulnerabilities within 24 hours. The directive targets CVE-2025-20333 and CVE-2025-20352, which affect Cisco Adaptive Security Appliance and Firepower Threat Defense firewalls, with hundreds of devices across the U.S. government at risk.

CVE-2025-20333 has a CVSS score of 9.9 and allows remote code execution without authentication, while CVE-2025-20352 enables privilege escalation. A state-sponsored threat actor, linked to the 2024 ArcaneDoor campaign, is actively exploiting these flaws, with at least one federal agency confirmed breached. Agencies must apply patches by September 26, 2025, at 11:59 PM EDT, as per CISA’s directive.

The vulnerabilities pose a significant threat to network security, as Cisco firewalls are widely used for perimeter defense. Dark Reading reports that exploits can bypass security controls, potentially leading to data theft or system compromise. CISA emphasizes immediate action to prevent further intrusions.

Experts warn that the short deadline reflects the urgency of the threat. “This is a classic case of nation-state actors targeting critical infrastructure,” said a cybersecurity analyst familiar with the investigation. The campaign’s ties to ArcaneDoor suggest a persistent effort to infiltrate government networks.

According to CNN, the breach has raised concerns about the security of federal systems, with implications for national security. CISA’s directive includes steps for agencies to identify compromised devices and apply mitigations if patching isn’t immediately feasible.

Cisco released patches for the vulnerabilities on September 24, but deployment delays have left systems exposed. The company advised customers to update their devices promptly to avoid exploitation. This incident highlights the challenges of securing legacy infrastructure against advanced threats.

Federal agencies are scrambling to meet the deadline, with CISA providing technical support. The directive underscores the growing trend of state-sponsored attacks on government networks, necessitating rapid response mechanisms.
