CISA Emergency Directive 25‑03: Cisco ASA / Firepower Vulnerabilities
CISA just issued Emergency Directive 25‑03 mandating actions to identify and mitigate a campaign exploiting zero‑day vulnerabilities in Cisco ASA / Firepower devices. While the directive is written for federal agencies, the threat is relevant to any organization using those platforms. Below is a summary, risk assessment, and recommended mitigations — along with what Forward Networks is doing to support customers.

What’s Going On

- Campaign targets Cisco ASA and Firepower / FTD appliances
- Exploits include unauthenticated RCE and privilege escalation
- Persistence observed via ROM manipulation
- Linked to 'ArcaneDoor' activity
- CVEs: CVE‑2025‑20333 (RCE) and CVE‑2025‑20362 (privilege escalation)
- Directive mandates inventory, forensic dumps, patching, and reporting

Why This Matters to Forward Customers

If you rely on Cisco ASA, ASAv, or Firepower/FTD appliances in your network perimeter or DMZ, your infrastructure may be at risk of compromise, persistent code injections, or deeper intrusion. Becau