By therecord.media
Publication Date: 2025-12-18 16:37:00
Chinese hackers have been exploiting a vulnerability in a popular Cisco email management tool since late November, the company said Wednesday.
Cisco warned customers about the bug — CVE-2025-20393 — writing in an advisory that the vulnerability carries a maximum severity score of 10 and affects appliances with certain ports open to the internet that are running the company’s AsyncOS Software for its Secure Email Gateway and Secure Email and Web Manager.
Those products provide teams with a centralized interface to manage and report functions across multiple Cisco email devices, letting users manage policies, administer devices, enhance security and quarantine spam messages.
The company said it became aware of the intrusion campaign on December 10 when it saw a “limited subset of appliances” being targeted. The hackers have used a variety of tools to maintain their access to compromised devices, according to an ongoing investigation by Cisco.
The company released a…
