Vulnerability | International | CSO Online
Cisco confirms zero-day exploitation of Secure Email products
Thursday, December 18, 2025
What
A previously unknown vulnerability in Cisco's Secure Email appliances is being exploited by a China-linked hacking group, allowing persistent access to compromised systems.
Where
Organizations using Cisco Secure Email appliances globally, particularly those with the Spam Quarantine feature enabled and exposed to the internet.
When
The exploitation campaign has been active since at least late November.
Key Factors
- Vulnerability affects Cisco Secure Email Gateway, Cisco Secure Email, and Web Manager appliances running AsyncOS with the Spam Quarantine feature enabled.
- No patch is available, and Cisco recommends rebuilding affected appliances to remove persistent threats.
- Exploitation may occur from both external and internal networks, increasing the risk for organizations.
Takeaways
- Organizations should assess their use of the Spam Quarantine feature and consider immediate risk mitigation strategies.
- The incident highlights the importance of robust incident response plans for critical infrastructure components.
- Rebuilding affected systems may be necessary, but organizations should plan to minimize downtime and avoid reintroducing threats through backups.