US EditionCisco finally fixes max-severity bug under attack for weeks
Cisco fixed a critical AsyncOS flaw exploited for espionage by a China-linked group using backdoors and tunneling tools, with attacks ongoing since November 2025, Talos said.
8 Articles
8 Articles
Network World
CSO OnlineCisco finally patches seven-week-old zero-day flaw in Secure Email Gateway products
Better late than never. Cisco this week patched a ‘critical’ zero-day flaw in the company’s email security and management gateways that has hung over customers’ heads since December. Tracked as CVE-2025-20393, the vulnerability affects Cisco’s AsyncOS Software running on the physical or virtual Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) products. The issue is serious, allowing an attacker to take over an appliance with ro…
Cisco’s Zero-Day Nightmare: China-Linked Hackers Breach Email Defenses
In a stark reminder of the vulnerabilities embedded in even the most trusted network gear, Cisco Systems Inc. has patched a critical zero-day flaw that allowed China-linked hackers to seize control of secure email gateways. The vulnerability, tracked as CVE-2025-20393, carries a perfect CVSS score of 10.0, enabling remote code execution with root privileges. First disclosed in mid-December 2025, the exploit was actively used by the advanced pers…
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686. The vulnerability, tracked as CVE-2025-20393 (CVSS
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
