Press Release

CISA Issues Emergency Directive Requiring Federal Agencies to Identify and Mitigate Cisco Zero-Day Vulnerabilities

Agency Urges All Affected Organizations to Take Immediate Action to Protect their Devices

Released

September 25, 2025

Related topics:

Cybersecurity Best Practices

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25-03 in response to an advanced threat actor targeting Cisco Adaptive Security Appliances (ASA) via web services. This is the second emergency directive issued under the Trump Administration. This widespread campaign poses a significant risk to victims' networks by exploiting zero-day vulnerabilities that persist through reboots and system upgrades.

The Emergency Directive mandates that all Federal Civilian Executive Branch Departments and Agencies account for all in-scope devices, collect forensic data, and assess any compromises using CISA-provided procedures and tools. Additionally, they must disconnect end-of-support devices and upgrade those that will remain in service by 11:59 PM EST on September 26, 2025.

“As the lead for federal cybersecurity, CISA is directing federal agencies to take immediate action due to the alarming ease with which a threat actor can exploit these vulnerabilities, maintain persistence on the device, and gain access to a victim’s network," said CISA Acting Director Madhu Gottumukkala. "The same risks apply to any organizations using these devices. We strongly urge all entities to adopt the actions outlined in this Emergency Directive."

As federal civilian agencies implement this mandate, CISA will assess and support agency adherence and provide additional resources as required. CISA is committed to using its cybersecurity authorities to gain greater visibility and drive timely risk reduction across federal civilian agencies.

For more information on CISA Directives, visit Cybersecurity Directives.

###

About CISA

As the nation’s cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us on X, Facebook, LinkedIn, Instagram.

CISA Issues Emergency Directive Requiring Federal Agencies to Identify and Mitigate Cisco Zero-Day Vulnerabilities

CISA Announces Steve Casapulla as Executive Assistant Director for Infrastructure Security

CISA Presents Vision for the Common Vulnerabilities and Exposures (CVE) Program

CISA to Highlight Agency’s Top Priorities to Secure America at 16th Annual Billington CyberSecurity Summit

CISA, NSA and 19 International Partners Release Shared Vision of Software Bill of Materials for Cybersecurity Guide

CISA Issues Emergency Directive Requiring Federal Agencies to Identify and Mitigate Cisco Zero-Day Vulnerabilities

Related Articles

CISA Announces Steve Casapulla as Executive Assistant Director for Infrastructure Security

CISA Presents Vision for the Common Vulnerabilities and Exposures (CVE) Program

CISA to Highlight Agency’s Top Priorities to Secure America at 16th Annual Billington CyberSecurity Summit

CISA, NSA and 19 International Partners Release Shared Vision of Software Bill of Materials for Cybersecurity Guide