Cisco warns of unpatched AsyncOS zero-day exploited in attacks
Wednesday, December 17, 2025
What
A zero-day vulnerability in Cisco's AsyncOS is being exploited by a Chinese APT group, enabling them to execute commands and install persistent backdoors on affected appliances.
Where
Global, specifically targeting organizations using Cisco SEG and SEWM appliances.
When
The vulnerability was identified on December 10, 2025, but the exploitation campaign has been active since at least late November 2025.
Key Factors
- The vulnerability affects Cisco SEG and SEWM appliances with non-standard configurations when the Spam Quarantine feature is enabled.
- Attackers are deploying AquaShell backdoors and reverse SSH tunnel malware such as AquaTunnel and Chisel.
- Cisco Talos attributes the attacks to the UAT-9686 threat group, linked to other Chinese state-backed hacking groups.
Takeaways
- Organizations should restrict internet access to vulnerable appliances and implement strong authentication methods.
- The incident highlights the importance of timely patch management and monitoring for unusual activity.
- Cisco recommends contacting their Technical Assistance Center for compromised appliances and emphasizes the need for a secure configuration.
Read the full article on BleepingComputer.