Immediate Patching Necessary to Correct Actively Exploited Cisco Vulnerabilities

By Daniel Lopez

Threat actors are exploiting several Cisco vulnerabilities for which patches were issued in August. Attacks have also hit devices that were incorrectly patched.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a cybersecurity notification this week concerning two critical Cisco vulnerabilities. The CVE-2025-30333 and CVE-2025-20362 vulnerabilities have been assigned CVSS v3.1 base scores of 9.9 and 9.8, respectively. The vulnerabilities affect systems running Cisco Secure ASA Software or Cisco Secure FTD Software. Attackers can exploit the vulnerabilities by sending specially crafted HTTP requests to a vulnerable web server on an affected system.

Cisco released patches to correct the vulnerabilities in August, cautioning that hackers can take advantage of the vulnerabilities to execute code with a high level of privilege. The vulnerabilities allow threat actors to access restricted URL endpoints that should be inaccessible without authentication. By exploiting the vulnerabilities, attackers can run code on vulnerable devices. When the vulnerabilities are chained, an attacker could gain total control of the devices. When the patches were released, Cisco cautioned that the ArcaneDoor campaign had already exploited the vulnerabilities as zero-days, along with two other vulnerabilities.

Numerous companies applied the patches and believed they were protected against exploitation. However, when patching is done without upgrading to the minimum software version, the companies remain vulnerable to exploitation. Based on its analysis of agency-reported information, CISA has determined that devices noted as ‘patched’ in the reporting form were upgraded to a software version that remains vulnerable to the threat activity laid out in the [Emergency Directive]. CISA instructs all companies, including HIPAA-covered entities, to confirm that the right updates are implemented. CISA has published guidance on how to patch the two vulnerabilities and cautioned that speedy patching is necessary, including on devices that aren’t exposed online.


Daniel Lopez is the HIPAA trainer behind HIPAA Coach and the HIPAA subject matter expert for NetSec.news. Daniel has over 10 years of experience as a HIPAA coach. Daniel provides his HIPAA expertise to several publications, including Healthcare IT Journal and The HIPAA Guide. Daniel studied Health Information Management before focusing his career on HIPAA compliance and protecting patient privacy. You can follow Daniel on Twitter / X at https://twitter.com/DanielLHIPAA