Cisco has issued a warning about an unpatched zero-day vulnerability (CVE-2025-20393) affecting its Secure Email Gateway and Web Manager appliances, which is being exploited in active attacks linked to Chinese threat actors. Organizations using affected systems should restrict access, monitor logs, and follow Cisco’s security advisories to mitigate risks. #CVE2025-20393 #UAT9686 #AquaShell
Key points
- Cisco’s AsyncOS zero-day vulnerability is actively exploited by Chinese threat group UAT-9686.
- The attack involves deploying backdoors, reverse tunnels, and log-clearing tools to maintain persistence.
- Appliances are only vulnerable under specific conditions, such as having the Spam Quarantine feature enabled and being exposed to the internet.
- Cybercriminals behind these attacks are linked to Chinese state-backed hacking groups like APT41.
- Cisco recommends restricting access, monitoring logs, and rebuilding compromised systems to prevent exploitation.