Threat Intelligence Report

FIRESTARTER Backdoor

📅 April 25, 2026 📰 www.cisa.gov 🔍 2 CVE(s) referenced

FIRESTARTER is a stealthy, firmware-persistent backdoor deployed by advanced threat actors to maintain covert access and control over Cisco Firepower and Secure Firewall devices—even after patching—by exploiting recent vulnerabilities and evading standard detection methods.

CVE-2025-20333, CVE-2025-20362

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle