CISA Updates Guidance on Patching Cisco Devices Targeted in China-Linked Attacks

The US cybersecurity agency CISA has issued a fresh warning on addressing two Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) vulnerabilities exploited in the China-linked ArcaneDoor espionage campaign.

The two bugs, tracked as CVE-2025-20333 and CVE-2025-20362, were discovered in May, after being exploited as zero-days in attacks against government organizations.

As part of the attacks, the threat actor exploited the flaws to deploy malware, execute commands on vulnerable appliances, and likely exfiltrate data.

Impacting the VPN web server of ASA and FTD software, the issues allow attackers to send crafted requests and execute arbitrary code with root privileges, or access a restricted URL without authentication.

Cisco patched the two security defects on September 25, and warned on November 6 that a new variant of the attack causes devices to reload, leading to denial-of-service (DoS).

On September 25, CISA issued Emergency Directive 25-03 (ED 25-03 ...