BACK TO NEWS
Breaking News

Cisco Releases Critical Patch for Zero-Day RCE in Secure Email Gateways Exploited by Chinese APT

2 min readSource: The Hacker News
CVE-2025-20393

Cisco addresses CVE-2025-20393, a maximum-severity zero-day RCE flaw in Secure Email Gateway exploited by China-linked APT UAT-9686.

Cisco Patches Critical Zero-Day RCE Vulnerability in Secure Email Gateways

Cisco has released security updates to address CVE-2025-20393, a maximum-severity zero-day remote code execution (RCE) vulnerability in Cisco AsyncOS Software for Secure Email Gateway and Secure Email and Web Manager. The flaw was actively exploited by a China-linked advanced persistent threat (APT) actor, tracked as UAT-9686, prior to disclosure.

Key Details

  • Vulnerability ID: CVE-2025-20393
  • CVSS Score: 10.0 (Critical)
  • Affected Products:
    • Cisco Secure Email Gateway (AsyncOS Software)
    • Cisco Secure Email and Web Manager (AsyncOS Software)
  • Exploitation Status: Actively exploited in the wild as a zero-day
  • Threat Actor: UAT-9686 (China-nexus APT)
  • Patch Release Date: January 23, 2026

Technical Overview

CVE-2025-20393 allows unauthenticated attackers to execute arbitrary code remotely on vulnerable systems. The flaw stems from improper input validation in the AsyncOS Software, enabling threat actors to craft malicious requests that trigger code execution with elevated privileges.

Cisco disclosed in December 2025 that UAT-9686 had been exploiting this vulnerability since at least November 2025, prior to the patch’s availability. The APT group, known for cyberespionage campaigns, likely leveraged the flaw to gain initial access to targeted networks via email gateways.

Impact Analysis

Successful exploitation of CVE-2025-20393 could allow attackers to:

  • Gain full control of affected email gateways
  • Move laterally within compromised networks
  • Exfiltrate sensitive data via email channels
  • Deploy additional malware or backdoors

Given the critical nature of email security infrastructure, this vulnerability poses a severe risk to organizations relying on Cisco’s Secure Email Gateway for threat protection.

Recommendations

Cisco has urged all customers to immediately apply the latest security updates to mitigate the risk. Additional defensive measures include:

  • Isolating vulnerable systems until patches are deployed
  • Monitoring network traffic for suspicious activity originating from email gateways
  • Reviewing logs for signs of exploitation (e.g., unusual outbound connections)
  • Enabling multi-factor authentication (MFA) for administrative access

For further details, refer to Cisco’s official security advisory.

Share

TwitterLinkedIn