#uat-9686

[ follow ]
#cve-2025-20393 #cisco-asyncos #remote-code-execution #email-security #asyncos #secure-email-gateway
fromThe Hacker News
1 week ago

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

The vulnerability, tracked as CVE-2025-20393 (CVSS score: 10.0), is a remote command execution flaw arising as a result of insufficient validation of HTTP requests by the Spam Quarantine feature. Successful exploitation of the defect could permit an attacker to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance. However, for the attack to work, three conditions must be met - The appliance is running a vulnerable release of Cisco AsyncOS Software The appliance is configured with the Spam Quarantine feature The Spam Quarantine feature is exposed to and reachable from the internet
Information security
Information security
fromTheregister
1 week ago

Cisco finally fixes max-severity bug under attack for weeks

Cisco released updates fixing a maximum-severity AsyncOS vulnerability (CVE-2025-20393) exploited for root access and persistence on SEG and SEWM appliances.
Information security
fromThe Hacker News
1 month ago

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

A critical AsyncOS zero-day (CVE-2025-20393) enables remote root command execution when Spam Quarantine is internet-exposed, actively exploited by China-linked APT UAT-9686.
[ Load more ]