This week has seen the emergence of three significant zero-day vulnerabilities that pose a serious risk to major cybersecurity infrastructures. With attackers exploiting these flaws, organizations must adopt a proactive stance to protect their systems from potential compromise.
The vulnerabilities primarily impact Cisco ASA and Firepower Threat Defense (FTD) firewalls, the Oracle E-Business Suite, and the Google Chrome web browser. These threats expose critical systems to remote code execution (RCE), requiring immediate attention and action for mitigation.
Cisco’s two zero-day vulnerabilities, CVE‑2025‑20333 and CVE‑2025‑20362, are already under exploitation. Together they affect approximately 50,000 devices, with heavy concentrations in countries like the U.S., Germany, and the U.K. As detailed by security analysts from Cisco Talos and Unit 42, the exploitation chain combines an authentication bypass that grants access to device management interfaces with a buffer overflow that allows RCE. “The combination of these two vulnerabilities enables attackers to deploy sophisticated malware, including RayInitiator and LINE VIPER,” said a Cisco Talos spokesperson.

The identified malware establishes persistent access, manipulating system firmware and evading detection, a troubling development in the cybersecurity landscape. Following these findings, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 25‑03, mandating immediate isolation or patching of at-risk devices within a 24-hour window. “This campaign is linked to a state-sponsored actor known as ArcaneDoor, which adds another layer of urgency for organizations to act,” CISA noted in its directive.
Digging deeper, CVE‑2025‑20333 enables unauthorized access to device management, and CVE‑2025‑20362 allows attackers to elevate privileges. “The power of this exploit facilitates the installation of memory-resident malware that survives reboots, making traditional patching futile,” added an analyst from Unit 42.

In light of these threats, Cisco is advising organizations to disable unnecessary SSL VPN services, enforce strict access control lists (ACLs), and apply available updates or temporary fixes. The campaign initially targeted government networks before expanding to enterprises, heightening the need for vigilance across the board.
Another critical vulnerability that surfaced this week is CVE‑2025‑61882 in Oracle's E-Business Suite, affecting versions 12.2.3 to 12.2.14. Reported by ERPScan, it lets attackers chain deserialization and path traversal bugs into unauthenticated RCE, threatening the controls that govern ERP functions, including finance and HR management.
Given the prevalence of Oracle EBS in businesses globally, its susceptibility is alarming. Organizations are urged to restrict external access to the affected interfaces promptly, especially publicly accessible ones, which are the most likely to be targeted. “Without a patch from Oracle, virtual patching through Web Application Firewalls is essential to filter out malicious traffic,” advised an ERPScan representative.
Moreover, organizations must implement comprehensive monitoring to detect anomalous login attempts or irregular API interactions that could signal exploitation attempts. “Proper vigilance in your ERP systems will go a long way in mitigating potential breaches,” remarked a cybersecurity expert focused on enterprise solutions.
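The monitoring advice above is easier to act on with a concrete detection in hand. The following is an added example, not code from the article or from any of the vendors or researchers it quotes: a small Python detector that reads authentication log lines and flags a source address that accumulates a burst of failed logins inside a sliding window, distinguishing a single-account brute force from a multi-account password spray and escalating when a success follows the burst. The log format and the sample lines are constructed for this example; adapt the regular expression to whatever your ERP or firewall actually emits.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample log lines (not real data); the line format is an assumption
# made for this example and must be adapted to the real log source.
SAMPLE_LOG = """\
2025-10-06T10:00:01Z login user=alice src=203.0.113.5 result=FAIL
2025-10-06T10:00:02Z login user=bob src=203.0.113.5 result=FAIL
2025-10-06T10:00:03Z login user=carol src=203.0.113.5 result=FAIL
2025-10-06T10:00:04Z login user=dave src=203.0.113.5 result=FAIL
2025-10-06T10:00:05Z login user=erin src=203.0.113.5 result=FAIL
2025-10-06T10:00:06Z login user=sysadmin src=203.0.113.5 result=OK
2025-10-06T10:01:00Z login user=alice src=198.51.100.7 result=FAIL
2025-10-06T10:05:00Z login user=alice src=198.51.100.7 result=OK
2025-10-06T11:00:00Z login user=frank src=192.0.2.9 result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "user": m["user"], "src": m["src"], "result": m["result"]}


def detect_login_anomalies(log_text, fail_threshold=5, window_seconds=60):
    """Return {src: alert} for every source that reaches fail_threshold failures
    within any window_seconds-wide sliding window.

    alert fields: failures (count in the window when the threshold was crossed),
    distinct_users, pattern ("spray" or "brute-force"), and success_after_burst
    when the same source later logs in successfully.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])  # logs are not guaranteed to be ordered

    recent = defaultdict(deque)  # src -> deque of (timestamp, user) recent failures
    alerts = {}
    for e in events:
        src = e["src"]
        win = recent[src]
        # Slide the window: discard failures older than window_seconds.
        while win and (e["ts"] - win[0][0]).total_seconds() > window_seconds:
            win.popleft()

        if e["result"] == "FAIL":
            win.append((e["ts"], e["user"]))
            if len(win) >= fail_threshold:
                users = {u for _, u in win}
                alerts[src] = {
                    "failures": len(win),
                    "distinct_users": len(users),
                    # Many accounts from one source looks like spraying;
                    # one account hammered repeatedly looks like brute force.
                    "pattern": "spray" if len(users) > 1 else "brute-force",
                }
        elif e["result"] == "OK" and src in alerts:
            # A success right after a failure burst is the event worth paging on.
            alerts[src]["success_after_burst"] = True
    return alerts


if __name__ == "__main__":
    for src, alert in detect_login_anomalies(SAMPLE_LOG).items():
        print(src, alert)
```

With the constructed sample, only 203.0.113.5 is flagged: five failures against five different accounts inside one minute, followed by a successful login, which the detector marks as a spray with `success_after_burst`. The single failure from 198.51.100.7 stays below the threshold. The thresholds are starting points; tune them against a baseline of normal traffic before wiring the output into alerting.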
These newly unveiled vulnerabilities highlight the ongoing cybersecurity challenges organizations are facing today. As threat actors continue to refine their techniques, enterprises must remain vigilant and proactive in addressing potential risks to their critical infrastructure.