#cisco-asyncos

[ follow ]
#cve-2025-20393 #zero-day-rce #uat-9686 #email-gateway-vulnerability #chinese-linked-apt-uat-9686
Information security
fromThe Hacker News
1 hour ago

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

A critical AsyncOS zero-day (CVE-2025-20393) enables remote root command execution when Spam Quarantine is internet-exposed, actively exploited by China-linked APT UAT-9686.
fromTheregister
7 hours ago

Attacks pummeling Cisco AsyncOS 0-day since late November

Suspected Chinese-government-linked threat actors have been battering a maximum-severity Cisco AsyncOS zero-day vulnerability in some Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances for nearly a month, and there's no timeline for a fix. Cisco disclosed the bug, tracked as CVE-2025-20393, on Wednesday and said it affects both physical and virtual SEG and SEWM appliances in certain non-standard configurations where the Spam Quarantine feature is enabled and exposed to the internet.
Information security
Information security
fromTechCrunch
11 hours ago

Cisco says Chinese hackers are exploiting its customers with a new zero-day | TechCrunch

Critical Cisco AsyncOS vulnerability enables full takeover of exposed devices; no patches exist and wiping/rebuilding software is the only current mitigation.
[ Load more ]