Cisco finally fixes max-severity bug under attack for weeks

By Jessica Lyons
Publication Date: 2026-01-15 23:33:00

Cisco finally delivered a fix for a maximum-severity bug in AsyncOS that has been under attack for at least a month.

The networking giant disclosed the vulnerability, tracked as CVE-2025-20393, on December 17. It affects some Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. Cisco first became aware of attackers targeting the appliances on December 10.

“This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance,” according to Cisco’s security advisory. “The ongoing investigation has revealed evidence of a persistence mechanism implanted by the threat actors to maintain a degree of control over compromised appliances.”

In a subsequent report, Cisco’s threat intel arm Talos blamed the intrusions on UAT-9686, a China-linked threat group, and said the attacks have been ongoing “since at least…