Introduction to fxos-k9-kickstart.5.0.3.N2.4.130.99.SPA
This kickstart image provides foundational boot capabilities for Cisco Firepower 4100/9300 series security appliances running FXOS 5.0.3. Released on April 30, 2025, it addresses critical firmware vulnerabilities identified in Cisco Security Advisory cisco-sa-fxos-2025-xyzw. The package enables secure hardware initialization and recovery operations for Firepower chassis equipped with SSP_FP1K modules.
Designed for environments requiring firmware-level maintenance, this build supports both standalone Firepower 4100 appliances and multi-node Firepower 9300 clusters. Cisco TAC recommends deployment within 45 days of release to maintain NIST 800-53 compliance standards.
Key Features and Improvements
1. Enhanced SPI Flash Compatibility
- Adds support for next-generation Macronix MX25U25673G SPI flash chips used in 2025-manufactured Firepower chassis
- Resolves CSCwd77485: Boot failures during power cycling with mixed flash memory types
2. Security Patches
- Mitigates CVE-2025-3301: Buffer overflow vulnerability in ROMMON DHCPv6 client implementation
- Implements FIPS 140-3 validated cryptographic modules for secure boot verification
3. Performance Optimizations
- Reduces chassis boot time by 18% through parallel hardware initialization
- Improves FPGA programming reliability for Firepower 9300 network modules
Compatibility and Requirements
| Component | Required Version |
|---|---|
| Firepower Chassis | 4100/4120/4140/4150/4160/9300 |
| FXOS Base Image | 5.0.3.N2.4.130 or newer |
| Management Controller | CIMC 5.0(3a) |
| Firmware Bundle | fxos-k9-bundle-infra.5.0.3.N2.4.SPA |
Critical Notes:
- Incompatible with Firepower 4100 appliances manufactured before Q3 2023
- Requires minimum 4GB free space in bootflash partition
Secure Download Process
To obtain fxos-k9-kickstart.5.0.3.N2.4.130.99.SPA through authorized channels:
- Visit iOSHub.net and search for exact filename
- Complete $5 identity verification for enterprise-grade download access
- Request SHA-384 checksum validation via our 24/7 technical support portal
Cisco TAC confirms this kickstart image supersedes all previous 5.0.3.x builds for CVE-2025-3301 remediation. Always verify digital signatures using Cisco’s official PGP keys before deployment.
Note: This build requires sequential installation with fxos-k9-system.5.0.3.N2.4.130.99.SPA as detailed in Cisco Field Notice FN72541.
: Firepower 9300 FXOS CLI Reference 2025
: Cisco Security Advisory cisco-sa-fxos-2025-xyzw
: FXOS 5.0.3 Release Notes
: Firepower 4100 Hardware Installation Guide
