Cisco is warning about a new kind of cyberattack exploiting serious vulnerabilities in its firewalls.
On Nov. 5, “Cisco became aware of a new attack variant against devices” affected by the previously disclosed flaws, the company said in a security advisory. “This attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions.”
The company did not provide details about the new attack variant but urged customers to update their firewalls to the latest firmware.
Cisco first disclosed the vulnerabilities — CVE-2025-20362 and CVE-2025-20333 — on Sept. 25, saying an “advanced threat actor” was using them in a “widespread” attack campaign against firewalls running the company’s Secure ASA Software and Secure FTD Software. The Cybersecurity and Infrastructure Security Agency (CISA) immediately ordered agencies to patch the flaws, saying they posed a serious risk to government networks.
“Attackers were observed to have exploited multiple zero-day vulnerabilities and employed advanced evasion techniques such as disabling logging, intercepting CLI commands, and intentionally crashing devices to prevent diagnostic analysis,” Cisco said at the time.
The threat activity surrounding the vulnerabilities is an outgrowth of a campaign that began in 2024. Hackers linked to the Chinese government are reportedly responsible for the campaign, which Cisco calls ArcaneDoor.
Nearly 50,000 Cisco devices were vulnerable to attacks targeting the two flaws as of Sept. 30, according to one analysis.
