Cisco released patches Thursday for a maximum severity vulnerability (CVE-2025-20393) in its email security products that Chinese hackers have been exploiting since November. The flaw allows attackers to execute commands with root privileges on affected Secure Email Gateway and Email and Web Manager appliances.
Cisco's Talos team discovered the attacks, which targeted a small number of devices. The China-linked group UAT-9686 used the zero-day to install the AquaShell backdoor along with tunneling tools. The vulnerability stems from insufficient validation of HTTP requests in the Spam Quarantine feature.
Patches are available for multiple AsyncOS versions; no workarounds exist. Cisco urges customers to update immediately through the appliance's web interface.
Source: SecurityWeek