Network Security, Vulnerability Management, Threat Intelligence

Cisco patches critical zero-day flaw exploited by China-linked APT

Cisco Logo on a Modern Office Building

Cisco has issued a critical alert regarding a maximum-severity zero-day vulnerability in its AsyncOS software, actively exploited by a China-nexus advanced persistent threat (APT) actor identified as UAT-9686. The attacks specifically targeted Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances, with further coverage provided by The Hacker News.

The vulnerability, tracked as CVE-2025-20393 with a CVSS score of 10.0, allows threat actors to execute arbitrary commands with root privileges on affected appliances. Exploitation requires the Spam Quarantine feature to be exposed to the internet. The APT actor has been observed deploying tools like ReverseSSH, Chisel, AquaPurge, and a Python backdoor named AquaShell to maintain persistence and control. Cisco became aware of the campaign on December 10, 2025, with exploitation activity dating back to late November 2025. Cisco advises users to restore appliances to a secure configuration, limit internet access, and monitor for unexpected traffic, as a patch is not yet available.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-20393 to its Known Exploited Vulnerabilities catalog, mandating mitigation for Federal Civilian Executive Branch agencies by December 24, 2025. This incident highlights the ongoing threat from sophisticated APT actors and underscores the importance of timely patching and robust security configurations for critical infrastructure. The disclosure also coincides with reports of large-scale, automated credential-based attacks targeting VPN authentication infrastructure, indicating a broader trend of sophisticated cyber threats against enterprise networks.

Source: The Hacker News

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds