Tag: CVE-2025-20333

TL;DR On September 25, 2025, CISA issued Emergency Directive ED 25-03 requiring federal agencies to find and mitigate compromises of Cisco Secure Firewall ASA and Firepower devices, citing active exploitation of CVE-2025-20333 (RCE) and CVE-2025-20362 (auth bypass). These CVEs are now in the KEV catalog. A separate—but concurrent—zero-day (CVE-2025-20352) affects Cisco IOS/IOS XE’s SNMP subsystem…