Three critical Cisco zero-day vulnerabilities are under active attack, with CISA warning organizations to patch immediately. Security experts link the campaign to the ArcaneDoor espionage group, raising concerns about nation-state involvement.
The Three Vulnerabilities
Cisco confirmed three flaws in ASA and Firepower devices:
- CVE-2025-20333 (CVSS 9.9): enables unauthenticated remote code execution
- CVE-2025-20362 (CVSS 6.5): allows privilege escalation
- CVE-2025-20363 (CVSS 9.0): another remote code execution vector
Cisco stated no workarounds exist. Only patching can remove the risk.
ArcaneDoor Connection
Researchers tied two of the flaws to ArcaneDoor, a campaign first discovered in 2024. The group uses backdoors known as “Line Runner” and “Line Dancer” to steal data, manipulate traffic, and move laterally inside networks.
By compromising firewalls and edge devices, attackers gain deep access and long-term persistence.
CISA’s Urgent Directive
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive requiring federal agencies to:
- Patch Cisco ASA and Firepower devices immediately
- Disconnect unsupported devices from networks
- Monitor for suspicious activity or potential compromise
Private organizations are strongly advised to follow the same steps within 24 hours.
Why This Matters
The Cisco zero-day vulnerabilities pose severe risks because they target widely deployed security appliances. Exploiting these flaws gives attackers control over traffic and systems that enterprises rely on to stay secure.
The confirmed link to a sophisticated espionage campaign suggests the attacks are likely backed by a nation-state, making the threat even more serious.
Conclusion
The Cisco zero-day vulnerabilities highlight the dangers of advanced supply chain and infrastructure attacks. With active exploitation underway, organizations must patch immediately and strengthen monitoring to prevent further compromise. Rapid response is the only way to reduce the risks posed by ArcaneDoor and other advanced threat groups.