The Daily Patch
Back to News
vulnerability🌐InternationalSecurity Affairs

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

Friday, December 19, 2025

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

What

A China-linked APT group exploited a critical zero-day vulnerability in Cisco's Secure Email Gateway and Secure Email and Web Manager, allowing for remote command execution and persistence mechanisms.

Where

International, specifically targeting organizations using Cisco's email security appliances.

When

Cisco became aware of the attacks on December 10, 2025, with ongoing exploitation since at least late November 2025.

Key Factors

  • Exploitation of CVE-2025-20393 allows root-level command execution.
  • Attackers deployed a custom persistence mechanism named AquaShell.
  • Compromised appliances were primarily those with non-standard configurations and exposed ports.

Takeaways

  • Organizations should ensure proper configuration and security of their Cisco email appliances.
  • The incident highlights the ongoing threat posed by state-sponsored APT groups.
  • Immediate patching and monitoring for indicators of compromise are recommended.
Read Full Article

Opens original article on Security Affairs

Similar News

Over 10K Fortinet Firewalls Exposed to Actively Exploited 2FA Bypass

Over 10K Fortinet Firewalls Exposed to Actively Exploited 2FA Bypass

Kimwolf Botnet Exploits Residential Proxies to Infiltrate Home Networks

Kimwolf Botnet Exploits Residential Proxies to Infiltrate Home Networks

RondoDox Botnet Exploits Critical React2Shell Flaw in Next.js Servers

RondoDox Botnet Exploits Critical React2Shell Flaw in Next.js Servers

IBM API Connect Critical Authentication Bypass Disclosed

IBM API Connect Critical Authentication Bypass Disclosed