vulnerability | International | The Hacker News

Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Thursday, December 18, 2025

What

A zero-day vulnerability in Cisco AsyncOS software has been exploited by an APT group, allowing for remote command execution on affected appliances.

Where

Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances, with a focus on those exposed to the internet.

When

Cisco became aware of the exploitation on December 10, 2025, with activity dating back to late November 2025.

Key Factors

  • CVE-2025-20393 has a CVSS score of 10.0, indicating critical severity.
  • The vulnerability involves improper input validation that enables root command execution.
  • Exploitation requires the Spam Quarantine feature to be enabled and accessible from the internet.

Takeaways

  • Organizations should immediately check their configurations and limit internet exposure of vulnerable features.
  • The incident highlights the ongoing threat posed by APT groups targeting critical infrastructure.
  • Users are advised to implement strong authentication methods and monitor for unusual traffic.