Threat actors had access to a critical zero-day for weeks before it was fixed and made public. On March 4, Cisco announced the flaw and said in an advisory that it was caused by "insecure deserialization of a user-supplied Java byte stream."

The attacker would send a specially crafted serialized Java object to the Web-based management interface of a vulnerable device. CVE-2026-20131 affects all versions of Cisco Secure FMC Software and Cisco Security Cloud Control (SCC) that have not been fixed. The latter is a software-as-a-service (SaaS) product that updates itself, but FMC users should upgrade to a fixed release right away. Cisco also said that the vulnerability does not affect its Secure Firewall Adaptive Security Appliance (ASA) Software or Secure Firewall Threat Defense (FTD) Software.
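For defenders reviewing traffic to a management interface, the sketch below flags request bodies that carry a Java serialization stream, whether raw, Base64-encoded or hex-encoded. It is an added example, not code from Cisco or the article; it detects the generic Java stream header rather than anything specific to CVE-2026-20131, and the function names and sample bodies are constructed for illustration.

```python
import base64
import re

# java.io.ObjectStreamConstants: STREAM_MAGIC (0xACED) followed by STREAM_VERSION (0x0005)
STREAM_HEADER = b"\xac\xed\x00\x05"
TC_BASE, TC_MAX = 0x70, 0x7E  # first content byte must be a TC_* type code

def _is_stream_start(buf: bytes) -> bool:
    """True when buf begins with a plausible serialization stream header."""
    return len(buf) >= 5 and buf[:4] == STREAM_HEADER and TC_BASE <= buf[4] <= TC_MAX

def find_java_streams(body: bytes) -> list:
    """Return (encoding, offset) for each serialized-object header found in body."""
    hits = []
    for m in re.finditer(re.escape(STREAM_HEADER), body):           # raw bytes
        if _is_stream_start(body[m.start():m.start() + 5]):
            hits.append(("raw", m.start()))
    # "rO0AB" is how the header looks in Base64; 8 chars decode to 6 bytes
    for m in re.finditer(rb"rO0AB[A-Za-z0-9+/_-]{3}", body):
        chunk = m.group(0).replace(b"-", b"+").replace(b"_", b"/")  # URL-safe alphabet
        if _is_stream_start(base64.b64decode(chunk)):
            hits.append(("base64", m.start()))
    for m in re.finditer(rb"(?i)aced0005[0-9a-f]{2}", body):        # hex text
        if _is_stream_start(bytes.fromhex(m.group(0).decode())):
            hits.append(("hex", m.start()))
    return sorted(hits, key=lambda h: h[1])

# Constructed sample: a serialized java.lang.String "hi" (TC_STRING, length 2).
SAMPLE = STREAM_HEADER + b"\x74\x00\x02hi"
REQUEST_BODIES = {   # constructed request bodies, not captured traffic
    "raw": SAMPLE,
    "form": b"state=" + base64.b64encode(SAMPLE),
    "json": b'{"blob":"' + SAMPLE.hex().encode() + b'"}',
    "benign": b"user=alice&theme=dark",
    "magic_only": STREAM_HEADER + b"\x00padding",   # header bytes, invalid type code
}

if __name__ == "__main__":
    for name, body in REQUEST_BODIES.items():
        print(f"{name:10} {find_java_streams(body)}")
```

A hit only shows that a serialized object is present in the request; whether that is expected depends on the application, so treat it as a triage signal rather than proof of exploitation.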

According to Recorded Future's Malware and Vulnerability trends report for the first half of 2025, threat actors took advantage of 17% of vulnerabilities in edge security and gateway devices (like firewalls and VPNs) in the first half of last year. Vincenzo Iozzo, CEO and cofounder of identity vendor SlashID, tells ZeroOwl that firewalls are appealing in part because they are Internet-facing and, therefore, generally easy to get to. They also tend to use their own software, which has historically been "riddled with vulnerabilities" and unable to find them.

Firewalls "tend to be useful as a pivot point for attackers that want to move laterally into a victim's network," too. Jeff Liford, an associate director at the cyber disaster recovery company Fenix24, says that the firewall industry has been under "substantial security pressure over the past year," and most major vendors have had to fix multiple serious problems during this time. "In our work responding to incidents in 2025, we found that firewall compromise was the first step in a lot of ransomware cases," he says.