Cisco has released a patch for a critical AsyncOS zero-day vulnerability (CVE-2025-20393) that has been exploited since November 2025. Threat actors, believed to be the Chinese hacking group UAT-9686, have been using this flaw to deploy malicious tools and maintain persistence. #AsyncOS #UAT9686
Key points
- Cisco fixed a maximum-severity zero-day vulnerability affecting certain appliances.
- The flaw involves improper input validation enabling remote command execution with root privileges.
- The attack targeted Cisco Secure Email Gateway and Web Manager appliances with specific configurations.
- Chinese threat group UAT-9686 is linked to the exploitation, deploying backdoors like AquaShell and malware such as AquaTunnel.
- CISA mandated federal agencies to apply Cisco's patches and mitigations by December 24 to prevent compromises.