|
FOR IMMEDIATE RELEASE
Thursday, September 25, 2025
Contact: CISAMedia@cisa.dhs.gov
CISA Issues Emergency Directive Requiring Federal Agencies to Identify and Mitigate Cisco Zero-Day Vulnerabilities
Agency Urges All Affected Organizations to Take Immediate Action to Protect their Devices
WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-03 in response to an advanced threat actor targeting Cisco Adaptive Security Appliances (ASA) via web services. This is the second emergency directive issued under the Trump Administration. This widespread campaign poses a significant risk to victims' networks by exploiting zero-day vulnerabilities that persist through reboots and system upgrades.
The Emergency Directive mandates that all Federal Civilian Executive Branch Departments and Agencies account for all in-scope devices, collect forensic data, and assess any compromises using CISA-provided procedures and tools. Additionally, they must disconnect end-of-support devices and upgrade those that will remain in service by 11:59 PM EST on September 26, 2025.
“As the lead for federal cybersecurity, CISA is directing federal agencies to take immediate action due to the alarming ease with which a threat actor can exploit these vulnerabilities, maintain persistence on the device, and gain access to a victim’s network," said CISA Acting Director Madhu Gottumukkala. "The same risks apply to any organizations using these devices. We strongly urge all entities to adopt the actions outlined in this Emergency Directive."
As federal civilian agencies implement this mandate, CISA will assess and support agency adherence and provide additional resources as required. CISA is committed to using its cybersecurity authorities to gain greater visibility and drive timely risk reduction across federal civilian agencies.
For more information on CISA Directives, visit Cybersecurity Directives.
###
About CISA
As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.
Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram.
|
