CISCO Security Advisory
Published Date: April 24, 2026
CVE: CVE-2025-20333
Advisory Summary
🛡️ Growing Persistence threat from ArcaneDoor Against Cisco Secure Firewall Platforms
Cisco has announced a critical update following the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) latest directive on continuing threats to Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) products. The key issue stems from the ArcaneDoor threat actor, who has engineered an advanced persistence mechanism embedded deep within the Cisco Firepower eXtensible Operating System (FXOS). Unlike typical exploits, this persistence technique remains intact even after applying the security patches released in September 2025.
This development underscores the sophistication of ongoing attacks that began by exploiting two notable vulnerabilities prior to the patches:
- CVE-2025-20333: Remote Code Execution in the VPN Web Server
- CVE-2025-20362: Unauthorized Access in the VPN Web Server
The persistence embedded in the FXOS base operating system signals a concerning foothold for attackers, requiring vigilant monitoring and additional defensive strategies beyond conventional patching.
For network security professionals and infrastructure managers, this calls for renewed emphasis on detection capabilities around Cisco firewall platforms, comprehensive incident response planning, and swift application of Cisco’s mitigations. Detailed guidance and technical resources remain available through Cisco’s dedicated response page.
⚠️ Alert: Organizations using Cisco Firepower ASA and FTD devices should verify their firmware versions and proactively implement Cisco’s recommendations to mitigate long-term risks from this persistent threat.
Reference: Vendor Advisory