Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems

By Rebecca Kappel
Publication Date: 2025-12-18 23:35:00

Cisco disclosed that a China-linked hacking group exploited a previously unknown vulnerability in its email security products, allowing attackers to compromise systems that sit at the center of enterprise email traffic. The flaw affected Cisco Secure Email Gateway and Secure Email and Web Manager appliances running AsyncOS and was actively exploited before public disclosure.

The incident drew rapid attention across the security community not only because of the severity of the vulnerability, but because of the layer it affected. Email security gateways operate as trusted infrastructure, and compromise at this level carries different implications than attacks focused on end users or individual servers.

How the Exploit Played Out

1. A trusted email security layer was already in place

Organizations had deployed Cisco’s email security appliances as part of standard defensive architecture. These systems operated in front of corporate mail servers, inspecting inbound and…