SECURITY ALERT
Cisco ASA End-of-Support Devices: Security Risks and Immediate Action
Last Updated: October 2025
Why Cisco ASA End-of-Support Is a Critical Security Issue
When Cisco Adaptive Security Appliances (ASA) reach End-of-Support (EOS), they no longer receive vital security patches, bug fixes, or vendor support. Continuing to use EOS devices exposes organizations to new vulnerabilities, regulatory failures, and business risk.
Recent directives from CISA and cybersecurity agencies in the US and UK have made immediate retirement of expired ASA models a mandatory step for all enterprises and agencies.
What Cisco ASA Models Are End-of-Support in 2025?
Withdraw these models from your network now:
- ASA 5525-X: End of support September 30, 2025
- ASA 5545-X: End of support September 30, 2025
- ASA 5555-X: End of support September 30, 2025
- ASA 5508-X: End of support October 2025 (remove if not under active support agreement)
- ASA 5516-X: End of support October 2025 (remove if not under active support agreement)
- ASA 5512-X, 5515-X, 5585-X, 5505, 5510, 5520, 5540, 5550, 5580: End of support prior to 2025 – high security risk
Note: Even models with support expiring between now and August 2026 must be planned for retirement now. Any unsupported devices must be disconnected immediately.
Security Risks of Unsupported Cisco ASA Devices
- Active exploits: Recent zero-day vulnerabilities (CVE-2025-20333/CVE-2025-20362) are being actively weaponized against US and UK networks.
- No vendor patches: Cisco will not provide security fixes for EOS hardware.
- High risk of breach: Attackers exploit systems known to be unpatched and unsupported, making EOS ASA appliances a target
Required Actions
- Disconnect immediately all ASA platforms reaching EOS by September 30, 2025.
- Upgrade to a supported next-generation firewall or secure edge device.
- Audit your entire environment for unsupported network security hardware.
- Monitor compliance directives from CISA, UK NCSC, and your industry regulators.
Frequently Asked Questions (FAQ)
Q1: Can I still use an end-of-support ASA temporarily with extra monitoring?
No. Without vendor patches, these appliances pose unmanageable risks. Regulatory agencies require their immediate removal.
Q2: How do I identify unsupported ASA models?
Check Cisco’s official End-of-Life announcements or contact your Cisco partner for a full audit.
Q3: What are the consequences of not retiring EOS hardware?
You risk regulatory non-compliance, higher insurance premiums, and extreme vulnerability to cyberattacks.
Next Steps:
- Download our ASA End-of-Life Checklist to ensure fast, compliant transition
- Contact our security experts for help with migration planning
- Stay updated on cybersecurity news and EOS notices