The Hacker News

Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways

Cisco released fixes for CVE-2025-20393, a CVSS 10.0 zero-day RCE flaw in AsyncOS exploited by a China-linked APT via email security appliances.

Cisco finally fixes AsyncOS zero-day exploited since November

Cisco finally patched a maximum-severity AsyncOS zero-day exploited in attacks targeting Secure Email Gateway (SEG) appliances since November 2025.
Hosted on MSN

Cisco email security products actively targeted in zero-day campaign

Cisco confirms zero‑day (CVE‑2025‑20393) in Secure Email appliances exploited by China‑linked actors Attackers deployed Aquashell backdoor, tunneling tools, and log‑clearing utilities for persistence ...

Cisco has finally patched maximum-level security issue targeted by hackers

Cisco bug which was actively abused since late November 2025 has finally been addressed.