The 2025 State of Cyber Risk and Exposure report reveals why security leaders are under pressure: AI-driven threats, expanding attack surfaces, and misalignment with business priorities. Based on global survey data, it surfaces the root causes behind today’s risk fatigue—and what mature organizations are doing differently.
CISA Advisory: CVE-2025-20333 for Cisco Firewall Devices
Share:
CVE-2025-20333 is a critical, actively exploited zero-day vulnerability impacting Cisco firewall devices, specifically those running unpatched versions of Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) software. It is one of two zero-days currently being weaponized by cyber threat actors, posing a significant and immediate threat to enterprise network perimeters. The vulnerability has a CVSS score of base 9.9. At this time, NVD has not released a formal entry for CVE-2025-20333.
CVE-2025-20333 overview
This vulnerability allows authenticated attackers to remotely execute arbitrary code on vulnerable devices. Some reports suggest that CVE-2025-20333 enables attackers to manipulate ROMMON (Cisco’s bootloader) to maintain persistence, though this behavior is linked to observed threat activity rather than the CVE itself. If exploited, attackers can gain full control of the firewall, enabling them to disable security protections, pivot into internal systems, deploy malware, or exfiltrate sensitive data. Because ASA and FTD devices typically sit at the edge of enterprise networks, any compromise at this level undermines the entire security architecture and opens the door to broader network infiltration.
Cisco has confirmed active exploitation of CVE-2025-20333 and released urgent security advisories and patches. The company strongly urges customers to immediately identify all affected devices and upgrade to the newest software release. At this time, no temporary mitigations or workarounds are available, making upgrading the only viable defense. Cisco has not named the upgraded version but lists version 9.23(x) as the most recent version.
In response, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive (ED 25-03) mandating immediate remediation across all U.S. federal agencies, further underscoring the critical nature of this threat.
Recommendations
All organizations, public and private, should treat CVE-2025-20333 as a high-priority vulnerability. Immediate steps should include:
- Upgrade all affected ASA and FTD devices.
- Monitor for indicators of compromise (IoCs) and unusual activity tied to firewall infrastructure.
- Review web/VPN interface exposure and remote access configurations.
- Reassess firewall integrity post-patch to confirm no lingering attacker persistence.
Failure to address this vulnerability leaves core network infrastructure exposed to sophisticated, persistent adversaries capable of long-term compromise and data theft.
90% Say Cyber Risk Is Harder Now—Discover Why
