By Zeljka Zorz
Publication Date: 2026-01-16 14:54:00
Cisco has finally shipped security updates for its Email Security Gateway and Secure Email and Web Manager devices, which fix CVE-2025-20393, a vulnerability in the devices’ AsyncOS that has been exploited as a zero-day by suspected Chinese attackers since at least late November 2025.
The company revealed the flaw’s existence and in-the-wild exploitation on December 17, 2025, and urged customers to check whether their appliances had been breached and to rebuild them in case of confirmed compromise.
CVE-2025-20393 exploitation
“[CVE-2025-20393] is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device,” Cisco explained.
“This attack allows the [unauthenticated] threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance.”
Cisco Talos researchers found that attackers…
