CISA has ordered US federal agencies to fully address two actively exploited vulnerabilities (CVE-2025-20333, CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) and Firepower firewalls. “In CISA’s analysis of agency-reported data, CISA has identified devices marked as ‘patched’ in the reporting template, but which were updated to a version of the software that is still vulnerable to the threat activity outlined in [Emergency Directive 25-03, released on September 25, 2025],” the agency stated on Wednesday. “CISA … More

The post “Patched” but still exposed: US federal agencies must remediate Cisco flaws (again) appeared first on Help Net Security.