UPDATE: 9/26/2025

A recent disclosure of several high-profile vulnerabilities that, when exploited, can allow an attacker persistent access and remote code execution on Cisco ASA devices.
CVE-2025-2033 (9.9/10 CVSS) and CVE-2025-20362 (6.5) involve improper validation of user-supplied input HTTP(S) requests that allow the ability to execute arbitrary code and access restricted URL endpoints without authentication.

This is directly related to the warning we issued here based on the report by GreyNoise scans previously indicating a massive spike in activity targeting Cisco ASA firewalls.

These vulnerabilities are now being actively exploited in the wild.

Cisco has been investigating attacks against multiple international government agencies that are linked to a state-sponsored campaign going back as far as May of 2025.

Advice

There are currently no workarounds for the vulnerability. Cisco recommends that that to fully remediate the vulnerability and avoid future exposure, customers should upgrade to fixed software as indicated in its advisory.

This is severe enough that the recommended immediate response is to disconnect all potentially vulnerable Cisco ASA devices.

In an emergency directive, CISA is urging federal agencies to identify, analyze, and mitigate potential compromises with immediate effect.

The Emergency Directive requires federal agencies to identify, analyze, and mitigate potential compromises immediately. Agencies must:

  • Identify all instances of Cisco ASA and Cisco Firepower devices in operation (all versions).
  • Collect and transmit memory files to CISA for forensic analysis by 11:59 p.m. EST Sept. 26

Greynoise, a leading threat intelligence provider, has reported a surge in scanning activity against Cisco ASA devices.

For public safety answering points (PSAPs), ECCs, and 911 centers, this should raise immediate concern.

Such scanning activity is often a precursor to a zero-day vulnerability being disclosed, followed shortly by a CVE (Common Vulnerabilities and Exposures) release and widespread exploitation.

What Is Happening With Cisco ASA?

According to Greynoise, attackers are increasingly scanning for Cisco ASA (Adaptive Security Appliance) devices exposed on the internet.

This activity often signals that:

  • A zero-day vulnerability may have already been discovered.

  • Exploit code is being tested “in the wild.”

  • Attackers are building target lists of vulnerable devices to sell to other groups, including foreign governments and criminal organizations.

In past incidents, scanning surges like this have been followed within 30–60 days by the disclosure of a CVE and a wave of attacks against unpatched systems.

Why Cisco ASA Zero-Days Matter to Public Safety

Many public safety agencies use Cisco ASA devices to:

  • Secure the edge of PSAP and ECC networks.

  • Manage VPN and remote access for dispatchers and partner agencies.

  • Protect critical applications like CAD (Computer-Aided Dispatch) systems.

If attackers exploit a Cisco ASA zero-day in these environments, the risks include:

  • Unauthorized remote access into dispatch networks.

  • Lateral movement into 911 call-handling systems.

  • Disruption of emergency communications and response operations.

For agencies already dealing with staffing and operational pressures, a network compromise could directly impact public safety missions.

What Public Safety Agencies Should Do Now

Awareness is the first step to your cyber defense strategies. Cisco has already noted that there have been software updates that address this vulnerability and that there are NO workarounds that address the vulnerability. That means being aware of software updates and applying patches when they’re ready and safe.

You don’t need to wait for a CVE announcement to prepare. Public safety leaders can take proactive steps today:

Monitor Cisco Advisories

Stay alert for updates from Cisco regarding ASA vulnerabilities. Be ready to deploy security patches immediately once released.

Assess Your Vulnerability

If you’re unsure how exposed your agency is, a Vulnerability Risk Assessment can help identify weaknesses before attackers do.

Prepare Incident Response Teams

Make sure your team has updated incident response playbooks for handling a firewall or VPN breach. Test your incident response procedures now.

Read More

Enable Continuous Monitoring

Because zero-day exploits can spread quickly, many agencies benefit from CyberSight™ Monitoring. Continuous, passive monitoring allows threats to be detected early before attackers gain persistence.

Staying Ahead of Cyber Threats

Zero-day attacks represent one of the most dangerous risks to public safety networks. By acting early, PSAPs and ECCs can limit exposure and protect mission-critical systems like CAD and 911 communications.

SecuLore’s mission is to defend public safety agencies against evolving cyber threats.

Whether through vulnerability assessments or continuous monitoring, we work alongside your team to strengthen defenses and improve readiness.

If your agency uses Cisco ASA, now is the time to prepare.

Contact SecuLore to learn how we can help secure your network against zero-day threats.

Other Alerts

  • SonicWall Breach – Backup Files Exposed: Advice for Critical Networks

    2025-10-13

  • Update – Cisco ASA Zero-Day Attacks: What Public Safety Agencies Need to Know

    2025-09-09

  • Cyber Alert: Mitel and Oracle Vulnerabilities

    2025-01-13

  • Cyber Alert: Ivanti Connect Secure Flaw

    2025-01-13

  • Cyber Alert: Zyxel Firewall Vulnerability

    2024-12-05

Cybersecurity for Critical Infrastructure

SecuLore provides Managed Detection and Response (MDR) to protect our nation’s critical infrastructure from cyber threats. Our expertise is built on deep knowledge of 9-1-1 technology, cyberwarfare, and ethical hacking, ensuring the highest level of cybersecurity for public safety agencies.

  • 24/7 Vulnerability & Threat Monitoring

  • Automated & AI Threat Detection

  • Specialized Threat Intelligence

  • Proactive Threat Hunting

  • Incident Response & Remediation

  • Forensics & Root Cause Analysis