Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances
Briefly

"It's currently not known how many customers are affected. 'This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance,' Cisco said in an advisory. 'The ongoing investigation has revealed evidence of a persistence mechanism planted by the threat actors to maintain a degree of control over compromised appliances.'"
"The as-yet-unpatched vulnerability is being tracked as CVE-2025-20393, and carries a CVSS score of 10.0. It concerns a case of improper input validation that allows threat actors to execute malicious instructions with elevated privileges on the underlying operating system. All releases of Cisco AsyncOS Software are affected. However, for successful exploitation to occur, the following conditions have to be met for both physical and virtual versions of Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances -"
A maximum-severity zero-day vulnerability, tracked as CVE-2025-20393 with a CVSS score of 10.0, exists in all releases of Cisco AsyncOS. The flaw is an improper input validation issue that enables execution of arbitrary commands with root privileges on affected appliances. The vulnerability is unpatched and has been actively exploited by a China-nexus APT identified as UAT-9686 against Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances. Successful exploitation requires the Spam Quarantine feature to be enabled and reachable from the internet; Spam Quarantine is not enabled by default. The intrusion campaign was first observed on December 10, 2025.
Read at The Hacker News