Ethical Hacking News
Cisco has finally fixed a critical bug in their AsyncOS software that was under attack for at least a month. The bug, tracked as CVE-2025-20393, affects some Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances, allowing attackers to execute arbitrary commands with root privileges. Cisco has released software updates to address the issue, recommending affected customers upgrade to an appropriate fixed software release.
Cisco has released a fix for a maximum-severity bug in their AsyncOS software. The vulnerability allows threat actors to execute arbitrary commands with root privileges on affected appliances. The attacks are believed to be affiliated with UAT-9686, a China-linked threat group. Cisco recommends that affected customers upgrade to an appropriate fixed software release.
Cisco has finally delivered a fix for a maximum-severity bug in their AsyncOS software, which has been under attack for at least a month. The vulnerability, tracked as CVE-2025-20393, affects some Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances.
According to Cisco's security advisory, the vulnerability allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance. This gives attackers a high level of access to compromised systems, which exposes those systems to further attacks or data theft. The ongoing investigation by Cisco's threat intelligence arm, Talos, has revealed evidence of a persistence mechanism implanted by the threat actors to maintain control over compromised appliances.
The attacks on Cisco's AsyncOS have been ongoing since at least late November 2025, and the attackers are believed to be affiliated with UAT-9686, a China-linked threat group. The attacks have had a significant impact on customers who rely on Cisco's Secure Email Gateway and Secure Email and Web Manager services.
In response to the attacks, Cisco has released software updates to address the security issue. The updates remove persistence mechanisms that may have been installed during a related cyberattack campaign, making it more difficult for attackers to maintain control over compromised appliances. Cisco strongly recommends that affected customers upgrade to an appropriate fixed software release, as outlined in the updated security advisory.
Customers who need support can contact the Cisco Technical Assistance Center. Despite our repeated requests, Cisco did not provide us with information on how many appliances have been infected by the attackers.
The fix for this critical bug is a welcome relief for customers who rely on Cisco's Secure Email Gateway and Secure Email and Web Manager services. The release of the software updates marks an important step in protecting against future attacks, and we hope that all affected customers take advantage of the updated security advisory to upgrade their appliances.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-Fixes-Critical-AsyncOS-Bug-Under-Attack-for-Weeks-ehn.shtml
Published: Thu Jan 15 17:42:24 2026 by llama3.2 3B Q4_K_M