Vulnerability | Bleeping Computer
9.9 — CRITICAL
Firestarter malware survives Cisco firewall updates, security patches
Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. [...]
🤖 AI Briefing: Auto-generated threat analysis
🔍Threat Overview
Firestarter malware, attributed to the UAT-4356 threat actor, has persisted on Cisco Firepower and Secure Firewall devices despite security patch updates, compromising remote access and executing attacker-provided shellcode.
⚙️Technical Details
CVEs
CVE-2025-20333, CVE-2025-20362
Affected Systems
Cisco Adaptive Security Appliance Software, Cisco Firepower Threat Defense
Attack Vectors
NETWORK
💥Impact Assessment
Severity: CRITICAL
Who Is at Risk
Federal civilian executive branch agencies and organizations using Cisco Firepower and Secure Firewall devices
🛡️Recommended Actions
1. Reimage and upgrade the device using fixed releases
2. Run the 'show kernel process | include lina_cs' command to detect compromise
3. Perform a cold restart (disconnecting power) as an alternative, but with the risk of database or disk corruption
📦Affected Products
Cisco Adaptive Security Appliance Software, Cisco Firepower Threat Defense
🔐 NVD Verified Data (VERIFIED)
CVE-2025-20333: CVSS 9.9 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Weaknesses
CWE-120
Affected Products (CPE)
Cisco Adaptive Security Appliance Software, Cisco Firepower Threat Defense
CVE-2025-20362: CVSS 8.6 — HIGH
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Weaknesses
CWE-862
Affected Products (CPE)
Cisco Adaptive Security Appliance Software, Cisco Firepower Threat Defense
This is a curated summary. The complete article is available at Bleeping Computer.
