Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense — CISCO-SA-ASAFTD-PERSIST-CISAED25-03

Cisco · Cisco · CISCO-SA-ASAFTD-PERSIST-CISAED25-03

ID
CISCO-SA-ASAFTD-PERSIST-CISAED25-03

Date
2026-05-19

Activity
2026-05-19

Source
Cisco

Vendor
Cisco

Threat
medium

Summary

On April 23, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an update to V1: Emergency Directive (ED) 25-03: Identify and Mitigate Potential Compromise of Cisco Devices related to Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD) products. According to the update, the ArcaneDoor threat actor has developed a previously unknown…

Product

Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense

What to do

General, cautious steps (verify details in the official source):

Review exposure and plan remediation based on risk and environment.
Identify affected product versions in your inventory and verify whether you are impacted.
Apply vendor patches/updates or recommended mitigations as soon as available.
Read the official advisory for exact affected versions and remediation steps.

Official advisory

Related advisories

Cisco Cisco 2026-W21

Continued Evolution of Persistence Mechanism Against Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense — CISCO-SA-ASAFTD-PERSIST-CISAED25-03

Summary

Product

What to do

Official advisory

Related advisories

aiograpi: Unsafe signup challenge path handling

Arcane: Missing admin authorization on global variables endpoint

AstrBot: File upload vulnerability in the function post_file of the file astrbot/dashboard/routes/chat.py

Beetl's SpELFunction extension function has an expression injection risk

CVE-2026-43029 mptcp: fix soft lockup in mptcp_recvmsg()

CVE-2026-43414 scsi: qla2xxx: Completely fix fcport double free