FIRESTARTER on Cisco ASA/Firepower: Backdoor Survived Patches — Urgent Actions

Colleagues, a cybersecurity alert: CISA reported compromise of Cisco Firepower (ASA) in September 2025 — the FIRESTARTER backdoor persists after patches.
Summary:
- What: Linux ELF backdoor installed into boot, surviving reboots and updates.
- How: Exploited CVE-2025-20333 and CVE-2025-20362 with post‑exploit LINE VIPER for command execution and persistence.
- Recommendations: Treat configuration as compromised and reimage devices; temporarily perform a cold power cycle (disconnect power).
Why it matters: A persistent perimeter backdoor endangers network access and integrity.
What actions will you take?
#cybersecurity #Cisco #infrastructure #APT


Latest comments
No comments yet.