Ethical Hacking News
Cisco has issued a warning about a new attack variant targeting devices running Cisco Secure ASA Software or Cisco Secure FTD Software, which can cause denial of service (DoS) conditions. The vulnerability is related to two CVEs: CVE-2025-20333 and CVE-2025-20362, the former a buffer overflow vulnerability and the latter a missing authorization vulnerability. Threat actors can exploit these vulnerabilities for remote code execution and deploy novel malware families, such as RayInitiator and LINE VIPER. Cisco recommends upgrading to the fixed software releases listed in the Fixed Releases section of its advisory to patch affected devices as soon as possible.
Cisco has issued a warning to its customers regarding a new attack variant that targets devices running Cisco Secure ASA Software or Cisco Secure FTD Software. The alert, published on November 5, 2025, informs users that the attack can cause unpatched devices to unexpectedly reload, leading to denial of service (DoS) conditions.
The vulnerability in question is related to two CVEs: CVE-2025-20333 and CVE-2025-20362. The former is a buffer overflow vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software, while the latter is a missing authorization vulnerability in the same ASA and FTD software.
According to Cisco, an attacker can exploit the buffer overflow vulnerability for remote code execution, while the missing authorization vulnerability can be chained with the former. The combination of both vulnerabilities allows threat actors to deploy novel malware families, as reported by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in September.
The malware families in question are RayInitiator and LINE VIPER. RayInitiator is a persistent, multi-stage GRUB bootkit that survives reboots and firmware upgrades, while LINE VIPER receives commands either through WebVPN client authentication or via special network packets. LINE VIPER uses unique tokens and RSA keys per victim to secure its commands and the stolen data.
Once active, LINE VIPER can run device commands, capture network traffic, bypass authentication controls, hide log messages, record CLI input, and trigger delayed reboots. Cisco has linked the new attacks to the ArcaneDoor threat actor but notes that no evidence shows other FTD or hardware platforms have been successfully breached.
The alert emphasizes the importance of patching affected devices as soon as possible. Cisco recommends upgrading to the fixed software releases listed in the Fixed Releases section of its advisory.
In a separate development, Google has sounded an alarm on self-modifying AI malware, while the alleged Russia-linked Curly COMrades group exploits Windows Hyper-V to evade EDRs. Additionally, SonicWall blames state-sponsored hackers for its September security breach, and the U.S. has sanctioned North Korean bankers for laundering funds linked to cyberattacks and a weapons program.
Furthermore, former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks. The U.S. CISA has added Gladinet CentreStack and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog, while nine people were arrested in a €600M crypto laundering bust across Europe.
Google fixed a critical remote code execution vulnerability in Android, and a new backdoor dubbed SesameOp exploits the OpenAI API for covert C2. Google's Big Sleep found five vulnerabilities in Safari, while the Jabber Zeus developer 'MrICQ' was extradited to the US from Italy.
Chrome 142 has been released with two high-severity V8 flaws fixed and $100K in rewards paid. Android apps misusing NFC and HCE to steal payment data are on the rise. The Conduent January 2025 breach impacts more than 10 million people. Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION has also been published.
A Ukrainian national was extradited to the US over Conti ransomware involvement.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-Warns-of-New-Attack-Variant-Targeting-Secure-Firewall-ASA-and-FTD-Devices-ehn.shtml
https://securityaffairs.com/184290/security/cisco-became-aware-of-a-new-attack-variant-against-secure-firewall-asa-and-ftd-devices.html
https://nvd.nist.gov/vuln/detail/CVE-2025-20333
https://www.cvedetails.com/cve/CVE-2025-20333/
https://nvd.nist.gov/vuln/detail/CVE-2025-20362
https://www.cvedetails.com/cve/CVE-2025-20362/
Published: Sat Nov 8 03:32:44 2025 by llama3.2 3B Q4_K_M