Statement from the Canadian Centre for Cyber Security on malware targeting global organisations through Cisco Systems – Canadian Centre for Cyber Security
Summary
The Canadian Centre for Cyber Security (Cyber Centre), part of the Communications Security Establishment (CSE), is warning Canadian organisations about a serious new cyber threat identified by Cisco. The activity targets end-of-life Cisco ASA 5500-X Series devices and involves highly sophisticated malware that uses evasion techniques to avoid detection.
The Cyber Centre urges immediate action: apply patches and mitigations referenced in their alert and advisory, and contact the Cyber Centre if you suspect compromise. The advisory highlights CVE-2025-20333, CVE-2025-20362 and CVE-2025-20363 as vulnerabilities of concern.
Expert teams are investigating the scope of the vulnerability, performing stakeholder outreach, and coordinating a response to strengthen Canada’s cyber resilience.
Key Points
- Threat actors are exploiting vulnerabilities in end-of-life Cisco ASA 5500-X devices to deploy sophisticated malware.
- The Cyber Centre references Cisco’s event response and has published an alert AL25-012 and advisory AV25-619 listing affected CVEs.
- The malware uses advanced evasion techniques, making detection by conventional methods difficult.
- Immediate action is recommended: apply patches/mitigations and follow the Cyber Centre’s guidance pages.
- If you suspect your organisation is affected, contact the Cyber Centre at 1-833-CYBER-88 or email contact@cyber.gc.ca.
- Rajiv Gupta, Head of the Cyber Centre, stresses rapid action for critical infrastructure owners to prevent severe disruption.
Why should I read this?
Heads up — if your network uses Cisco ASA 5500-X kit (especially end-of-life units), this is important. The malware is stealthy and the weaknesses are real: patch now, check your kit, and get help if you see anything odd. We’ve boiled down the essentials so you can act fast.
