Cisco warns of a China-linked threat group's exploitation of a new zero-day vulnerability (CVE-2025-20393) impacting its security products, with ongoing attacks targeting specific devices. The threat actor uses sophisticated tools like AquaShell, AquaPurge, and AquaTunnel to maintain persistence and facilitate remote access, highlighting the importance of vigilance in cybersecurity. #CVE202520393 #UAT9686
Key points
- Cisco has identified a zero-day vulnerability affecting AsyncOS security appliances.
- The vulnerability allows remote code execution with root privileges on affected systems.
- A Chinese state-sponsored APT, tracked as UAT-9686, is believed to be behind the attacks.
- The campaign utilizes advanced persistence and tunneling tools like AquaShell, AquaPurge, AquaTunnel, and Chisel.
- There are no patches or official workarounds available for CVE-2025-20393 at this time.
Read More: https://www.securityweek.com/china-linked-hackers-exploiting-zero-day-in-cisco-security-gear/