By Sead Fadilpašić
Publication Date: 2026-01-16 16:15:00
- Cisco patches critical RCE flaw (CVE-2025-20393) in Secure Email appliances
- Chinese state-sponsored groups exploited it for weeks using Aquashell and tunneling tools
- Updates remove persistence mechanisms; extent of global compromise remains unknown

A maximum-severity vulnerability in certain Cisco products has finally been addressed after allegedly being exploited by Chinese hackers for several weeks.
In mid-December 2025, the networking giant disclosed a remote code execution (RCE) vulnerability in AsyncOS that affects Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. It tracked the flaw as CVE-2025-20393 and gave it a severity score of 10/10 (critical).
“This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance,” Cisco said at the time. “The ongoing investigation has revealed evidence of a persistence mechanism implanted by the threat actors to maintain a degree of…