Pentesting Weekly Digest — September 20–26, 2025
This week brought a surge in firewall zero-days, airport chaos, and a surprisingly old-school ransomware twist. Let’s dig in.
🔹 Cisco ASA / FTD Zero-Days + CISA Emergency Directive
Two new zero-days — CVE-2025-20333 and CVE-2025-20362 — are being actively exploited against Cisco ASA and Firepower Threat Defense (FTD). Attackers are using them to gain root access and move laterally.
CISA responded with Emergency Directive 25-03, requiring U.S. federal agencies to immediately hunt for compromised Cisco devices and mitigate them.
Meanwhile, Cisco also patched another actively exploited zero-day in IOS / IOS XE (CVE-2025-20352) tied to SNMP.
🔹 Ransomware Disrupts European Airports
Several major European airports — Heathrow, Brussels, Berlin — faced chaos after a ransomware attack hit Collins Aerospace’s vMUSE check-in platform.
Check-in and baggage systems went offline, staff reverted to manual processes, and flights were delayed or canceled. UK police have already made an arrest in connection with the attack.
🔹 Ivanti EPMM Exploited in the Wild
Two critical flaws in Ivanti Endpoint Manager Mobile (EPMM) — CVE-2025-4427 (auth bypass) and CVE-2025-4428 (RCE) — are under active exploitation.
Attackers are chaining Base64-encoded EL injection, password parameter tampering, and Tomcat listener injection to compromise servers.
🛠 Closing Note
This week’s pattern is clear: firewalls, enterprise middleware, and third-party dependencies remain prime targets.
If you run Cisco ASA / FTD — patch and audit ASAP.
If your org relies on Collins Aerospace systems — monitor for supply-chain fallout.
If Ivanti EPMM is in your stack — assume compromise until proven otherwise.




Nice one :)