vulnerability | International | The Record

Chinese attackers exploiting zero-day to target Cisco email security products

Thursday, December 18, 2025

What

Chinese threat actors are exploiting a zero-day vulnerability in Cisco's Secure Email Gateway and Secure Email and Web Manager products, which allows unauthorized access to compromised devices.

Where

Cisco products globally, particularly affecting federal civilian agencies in the U.S.

When

Vulnerability discovered in late November; Cisco became aware of the exploitation on December 10; mitigations ordered by December 24.

Key Factors

  • CVE-2025-20393 has a maximum severity score of 10.
  • The vulnerability affects appliances with certain ports open to the internet.
  • The threat group UAT-9686 has been linked to previous attacks and uses a persistence tool called AquaShell.

Takeaways

  • Organizations should immediately restrict access to affected Cisco appliances and implement robust access controls.
  • The incident underscores the importance of timely patch management and vulnerability assessments.
  • Customers should follow Cisco's guidance for securing their devices and consider rebuilding compromised appliances.