Cisco finally fixes AsyncOS zero-day exploited since November

By Sergiu Gatlan
Publication Date: 2026-01-16 09:20:00

Cisco has finally patched a maximum-severity Cisco AsyncOS zero-day exploited in attacks against Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances since November 2025.

As Cisco explained in December, when it disclosed the vulnerability (CVE-2025-20393), it affects only Cisco SEG and Cisco SEWM appliances with non-standard configurations when the Spam Quarantine feature is enabled and exposed on the Internet.

“Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contain an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance,” Cisco said.

Detailed instructions for upgrading vulnerable appliances to a fixed software version are available in this security advisory.

Cisco Talos, the company’s threat intelligence research team, believes that a Chinese hacking group tracked as…