Patch Mandated As Cisco Firewall Flaws Endanger Nearly 5K Devices
Cybersecurity Dive
Contributed by: Drex DeFord
Summary
Nearly 50,000 Cisco firewall devices are at risk due to vulnerabilities disclosed by the Shadowserver Foundation, leading to an emergency patching order from the Cybersecurity and Infrastructure Security Agency (CISA). The discovered flaws, CVE-2025-20362 and CVE-2025-20333, involve improper validation of HTTPS requests, allowing potential unauthorized access to security-critical VPN resources. With the U.S. hosting the majority of unpatched devices, healthcare professionals must address these vulnerabilities swiftly, as exploitation could facilitate severe cyberattacks on sensitive patient data and healthcare infrastructure. CISA has mandated that federal agencies confirm mitigation efforts by the week's end, emphasizing the immediate need for action in the healthcare sector.