CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices www.cisa.gov/news-even…

Today, CISA issued Emergency Directive ED 25-03: Identify and Mitigate Potential Compromise of Cisco Devices to address vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Cisco Firepower devices. CISA has added vulnerabilities CVE-2025-20333 and CVE-2025-20362 to the Known Exploited Vulnerabilities Catalog.

The Emergency Directive requires federal agencies to identify, analyze, and mitigate potential compromises immediately. Agencies must:

Identify all instances of Cisco ASA and Cisco Firepower devices in operation (all versions). Collect and transmit memory files to CISA for forensic analysis by 11:59 p.m. EST Sept. 26.

Edward Kiledjian @ekiledjian