According to TheRegister.com, Cisco warned customers on November 5, 2025 about a new attack variant targeting devices running Cisco Secure ASA Software or Cisco Secure FTD Software affected by CVE-2025-20333 and CVE-2025-20362. These attacks cause unpatched firewalls to continually reload, leading to denial-of-service conditions, and are the latest in a series of attacks that have been ongoing since May 2025. The company also patched two critical bugs in its Unified Contact Center Express software, tracked as CVE-2025-20354 and CVE-2025-20358, which allow remote attackers to upload arbitrary files and execute commands with root privileges. While these contact center vulnerabilities aren’t currently under active exploitation, they carry CVSS scores of 9.8 and 9.4 respectively. Cisco has linked the firewall attacks to the same government-backed threat crew behind the ArcaneDoor attacks from April 2024, which it calls UAT4356.
The ongoing firewall battle
Here’s the thing about these firewall attacks – they’re not exactly new, but they keep evolving. Cisco originally patched these vulnerabilities back in September, but attackers have developed what Cisco calls a “new variant” that’s still causing problems. The attacks have been going on for at least six months, which tells you this isn’t some random script kiddie operation. We’re talking about sophisticated actors who’ve been disabling logging, intercepting CLI commands, and even crashing devices to prevent analysis. In some cases, they modified Cisco’s bootstrap program to maintain persistence through reboots and software upgrades. That’s some serious dedication to staying inside these networks.
Government involvement and attribution
What’s really interesting is how much government attention this has gotten. Since May, Cisco has been working with “multiple government agencies” including the UK’s NCSC and US CISA. We know at least one US government agency was compromised. But despite all this evidence and government cooperation, Cisco still refuses to attribute these attacks to a specific country. They’ll only say it’s “government-backed” and call the group UAT4356. I mean, come on – we can probably guess which nations have both the capability and motivation to pull off sustained attacks like this against government and telecom networks. The fact that Cisco maintains this diplomatic silence while their own specialized team works full-time on the investigation speaks volumes.
Critical contact center bugs
Meanwhile, let’s not ignore those two critical vulnerabilities in Cisco’s Unified CCX contact center software. A 9.8 CVSS score is about as bad as it gets, and these flaws allow unauthenticated attackers to upload arbitrary files and execute commands with root privileges. Basically, if you’re running this contact center software and haven’t patched, someone could completely take over your system remotely. The fact that these affect the system “regardless of device configuration” means there’s no workaround – you either patch to 12.5 SU3 ES07 or 15.0 ES01, or you’re vulnerable. When you’re dealing with critical infrastructure like this, every component matters – from the firewalls protecting your network to the industrial computers running your operations.
The patch-now reality
So what’s the takeaway here? Patch your Cisco equipment. Like, yesterday. The firewall issues have been actively exploited for months, and while the contact center bugs aren’t being attacked yet, you can bet threat actors are reading these advisories too. Cisco has dedicated a full-time team to this investigation and they’re working closely with affected customers, but that doesn’t help organizations that haven’t applied the September patches. The reality is that government-backed attackers are patient, well-resourced, and they’ll keep coming back with new variants until everyone’s protected. Don’t make your network the low-hanging fruit.
