Cisco Issues Alert on New Firewall Attack Targeting CVE-2025-20333 and CVE-2025-20362
Cisco issued an emergency alert this week, warning that a new wave of attacks is actively targeting major vulnerabilities in its firewall products. The company confirmed that hackers have developed a new method to exploit these weaknesses, which can knock critical devices offline and cause widespread network outages.
In a separate but equally serious announcement, the networking giant also released patches for several brand-new, critical vulnerabilities in its contact center and identity management software. Two of these newly found flaws are considered exceptionally dangerous, scoring 9.8 out of 10 on the severity scale, and could allow a hacker to completely take over a system without even needing a password.
New Attack Targets Known Firewall Holes
The most immediate threat comes from a new attack variant aimed at Cisco Secure Firewall software. This software, used by companies worldwide to protect their networks, has two known vulnerabilities that were first announced back in September 2025: CVE-2025-20333 and CVE-2025-20362.
While patches for these have been available for over a month, many systems remain unprotected. Cisco’s new warning states that attackers are now using a new technique to exploit these unpatched devices, causing them to suddenly crash and reboot. This results in a denial-of-service (DoS) condition, which effectively shuts down the company’s network, blocking all internet traffic and cutting off employees and customers.
These two firewall flaws are a devastating combination. The first one, CVE-2025-20333, allows an attacker to send a specially crafted web request to a firewall and run their own malicious code with the highest possible “root” privileges. This is the digital equivalent of a burglar not just picking a lock but stealing the master key to the entire building.
The second flaw, CVE-2025-20362, lets an attacker access parts of the system that are supposed to be locked and private, all without needing to log in.
Security officials, including the U.K.’s National Cyber Security Centre (NCSC), had previously confirmed that these vulnerabilities were exploited as “zero-days”—meaning they were actively used by hackers before Cisco even knew about them or had a fix. Those earlier attacks were used to inject dangerous malware, known as RayInitiator and LINE VIPER, deep into corporate networks. This new attack variant just gives hackers another powerful tool to use against companies that haven’t applied the September updates.
Critical Flaws Found in Contact Center Software
As system administrators race to patch their firewalls, Cisco dropped more bad news. The company released fixes for two critical vulnerabilities in its Unified Contact Center Express (Unified CCX) platform, the software used by countless companies to manage their customer service calls and interactions.
These flaws, discovered and reported by security researcher Jahmel Harris, are severe.
The first, CVE-2025-20354, was given a 9.8 (out of 10) “critical” severity score. It exists in the system’s Java RMI process, a component used for remote communication. A hacker from anywhere in the world could exploit this flaw to upload any file they want—such as ransomware or spyware—and then execute it with “root” permissions, giving them total control of the server.
The second, CVE-2025-20358, is nearly as bad, with a 9.4 “critical” score. This vulnerability is in the Contact Center Express (CCX) Editor application. It allows a hacker to completely bypass the login screen and gain administrator-level permissions. From there, they could create their own malicious scripts on the system and run them, potentially to steal sensitive customer data or pivot deeper into the company’s network.
Cisco has released patches for these dangerous flaws and urges customers to update immediately. The fixes are in versions 12.5 SU3 ES07 and 15.0 ES01.
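For teams working through an inventory, the sketch below triages reported Unified CCX versions against the two fixed releases named above. It is an added example, not Cisco code or part of the original article. It assumes version strings of the form "12.5 SU3 ES07", assumes SU and ES levels are cumulative within a release train, and uses constructed hostnames and versions.

```python
import re

# Fixed Unified CCX releases as stated in the article, keyed by release train.
# Each value is (SU number, ES number).
FIXED = {"12.5": (3, 7), "15.0": (0, 1)}

# Assumed inventory format: "<major.minor> [SU<n>] [ES<nn>]", e.g. "12.5 SU3 ES07".
_VERSION = re.compile(r"^\s*(\d+\.\d+)(?:\s+SU(\d+))?(?:\s+ES(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Split a version string into (train, (su, es)); missing parts count as 0."""
    match = _VERSION.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    train, su, es = match.groups()
    return train, (int(su or 0), int(es or 0))


def triage(text):
    """Classify one reported version against the fixed release of its train."""
    try:
        train, level = parse_version(text)
    except ValueError:
        return "unparsed"          # never guess: send to a human
    fixed = FIXED.get(train)
    if fixed is None:
        return "unknown-train"     # the article names no fix for this train
    # Assumption: SU and ES levels are cumulative, so tuple ordering applies.
    return "fixed" if level >= fixed else "needs-update"


# Constructed sample inventory (hypothetical hostnames and versions).
INVENTORY = {
    "ccx-a.example.net": "12.5 SU3 ES07",
    "ccx-b.example.net": "12.5 SU3 ES06",
    "ccx-c.example.net": "12.5 SU2 ES09",
    "ccx-d.example.net": "15.0",
    "ccx-e.example.net": "15.0 ES01",
    "ccx-f.example.net": "11.6 SU1",
}


def report(inventory=INVENTORY):
    """Return {host: status} for every host in the inventory."""
    return {host: triage(version) for host, version in inventory.items()}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:20} {status}")
```

Hosts reported as "unknown-train" or "unparsed" need a manual check against Cisco's advisory, since the article only names fixes for the 12.5 and 15.0 trains.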
High-Severity Bug Also Hits Identity Engine
To round out the string of security alerts, Cisco also patched a high-severity bug in its Identity Services Engine (ISE), the product that controls who and what can connect to a network.
This flaw, CVE-2025-20343, is a denial-of-service bug that can be triggered remotely without authentication. An attacker can crash the device simply by sending a specific sequence of network login requests (known as RADIUS requests). The system apparently gets confused by a request for a MAC address that it has already rejected, causing a “logic error” that forces an unexpected restart. For a system designed to be the central gatekeeper for network access, an inability to handle bad requests is a significant problem.
As of now, there is no evidence that the new vulnerabilities in the Contact Center (CCX) or Identity Engine (ISE) are being used by hackers in the wild. However, given the extreme severity of the CCX flaws, security experts warn that it is only a matter of time before attackers reverse-engineer the patches and develop tools to exploit them.
The key takeaway for any organization using this equipment is clear: patching is not optional. With active attacks already underway against the firewall flaws and critical, “game-over” level vulnerabilities just disclosed for other products, the window to act is closing fast.
