Security researchers discovered at least 120 Cisco Secure Email Gateway and Web Manager devices vulnerable to CVE-2025-20393, a critical zero-day flaw that attackers are actively exploiting. No patch is currently available, leaving organizations exposed.
The vulnerable devices are part of over 650 Cisco email security appliances accessible online. These systems are crucial for filtering malicious emails and protecting networks from phishing and malware.
Cisco has released a security advisory urging immediate defensive measures and temporary mitigations until a permanent fix arrives. The company hasn't provided a timeline for the security update, making interim protections essential for affected organizations.
Source: Cyber Security News