Critical Cisco Zero-Day Exploited by Chinese Hackers Targeting Infrastructure

Cisco's Secure Email Gateway zero-day (CVE-2025-20393) exploited by APT41; urgent patching required by Dec 24, 2025.

By Content Team

Jan 17, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cisco confirmed active exploitation of a critical zero-day vulnerability (CVE-2025-20393) in its Secure Email Gateway appliances, scoring a maximum 10.0 CVSS rating. Chinese threat actors UAT-9686, linked to APT41, have been exploiting the flaw since November 2025 to execute remote commands with root privileges.

The attackers deploy custom tools including AquaShell backdoor and AquaTunnel for network pivoting, primarily targeting telecommunications and critical infrastructure for espionage. CISA added the vulnerability to its Known Exploited Vulnerabilities list, requiring federal agencies to patch by December 24, 2025.

Cisco released patches and urges immediate upgrades, as no workarounds exist for this internet-exposed vulnerability.

Source: Cybersecurity News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

'Chilling' Hacking Network Targets Vulnerable Children for Abuse

Feb 7, 2026

M&S Cyber Attack Chaos Leaves More Questions Than Answers

Feb 18, 2026

Cybercriminals Launch Sophisticated Phishing Attack Targeting LastPass Users

Jan 22, 2026

Major Polyfill Attack That Hit 100K Websites Traced Back to North Korean Hackers

Mar 15, 2026