The Cisco Security Incident

Technology company Cisco is being asked to answer a series of questions about a security incident that prompted emergency directives from the federal government last month.  US Senator Bill Cassidy wrote to Cisco CEO Chuck Robbins about CVE-2025-30333 and CVE-2025-20362, vulnerabilities that caused alarm three weeks ago when federal civilian agencies were given just one day to address them.  Cassidy, who is the chairman of the Committee on Health, Education, Labor, and Pensions, noted that “at least one federal agency has already been breached as a result of this vulnerability.  As the largest provider of network infrastructure in the world, Cisco holds a unique position in delivering tools not only to the federal government, but virtually all businesses. These tools connect consumers and businesses to care services, educational tools, and platforms businesses need to operate,” the Louisiana Republican wrote.[1]

“Any vulnerability in Cisco’s systems would jeopardize this access for millions of Americans. As Cisco works with the federal government to patch any cybersecurity vulnerabilities, it must work with these stakeholders to ensure their systems are protected as well.”

Cassidy asked whether Cisco has identified any specific threats to customers, how it is communicating security issues to customers, whether the advice provided by CISA to federal agencies also applies to private companies, and more.  Cisco did not respond to requests for comment.

On 25 September, the US Cybersecurity and Infrastructure Security Agency (CISA) released an emergency directive ordering all federal civilian agencies to patch the two vulnerabilities, which impact Cisco Adaptive Security Appliances (ASA).

ASA is a popular product line among governments and large businesses because it consolidates several different security tasks into a single appliance.  In addition to being firewalls, the appliances also prevent some intrusions, handle spam, conduct antivirus checks and more.  Cisco said in its report on the campaign that it worked with multiple government agencies in May 2025 to investigate attacks targeting the ASA 5500-X Series devices running Cisco Secure Firewall ASA Software with VPN web services.

The company said the specific models impacted include the 5585-X, which stopped receiving support on 31 May 2023, as well as the 5512-X and 5515-X, which stopped receiving support on 31 August 2022.  Support for the 5525-X, 5545-X, and 5555-X ends on 30 September this year.

British and Canadian cybersecurity officials also noted the threat to Cisco firewalls in alerts.  Cisco said it worked with CISA and the cybersecurity bureaus of Canada, Australia and the UK on the investigation into the bugs.  Alongside advisories on both vulnerabilities, Cisco published a lengthy study on the attacks, assessing with high confidence that the campaign was tied to the same hackers behind the ArcaneDoor campaign discovered last year.

Since then, Cisco has declined to say what country was behind the incident.  Wired, which first reported on the campaign, said sources claimed it “appears to be aligned with China's state interests.” CISA Acting Director Madhu Gottumukkala said that federal agencies needed to take “immediate action due to the alarming ease with which a threat actor can exploit these vulnerabilities, maintain persistence on the device, and gain access to a victim’s network.”

“The same risks apply to any organizations using these devices.  We strongly urge all entities to adopt the actions outlined in this Emergency Directive,” he added.

This article is shared with permission at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5207428251321676122

[1] https://therecord.media/cisco-asa-vulnerabilities-sen-bill-cassidy-questions/
