By The Hacker News
Publication Date: 2026-04-24 17:06:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency’s Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with malware called FIRESTARTER.
FIRESTARTER, per CISA and the U.K.’s National Cyber Security Centre (NCSC), is assessed to be a backdoor designed for remote access and control. It’s believed to be deployed as part of a “widespread” campaign orchestrated by an advanced persistent threat (APT) actor to obtain access to Cisco Adaptive Security Appliance (ASA) firmware by exploiting now-patched security flaws such as –
- CVE-2025-20333 (CVSS score: 9.9) – An improper validation of user-supplied input vulnerability that could allow an authenticated, remote attacker with valid VPN user credentials to execute arbitrary code as root on an affected device by sending crafted HTTP requests.
- CVE-2025-20362 (CVSS score: 6.5) – An improper validation of user-supplied…
