Chinese state-linked hackers are actively exploiting a critical zero-day vulnerability in Cisco's email security products to gain root access and install backdoors. The flaw, tracked as CVE-2025-20393, affects Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances running AsyncOS software, but only in specific configurations: the appliance must have the Spam Quarantine feature enabled and reachable from the internet. That feature is not enabled by default, and Cisco does not recommend exposing it to the internet, so the first triage step for any deployment is to confirm whether Spam Quarantine is on and which networks can reach it.

No patch is available yet. Cisco's current guidance is that a compromised appliance cannot be reliably cleaned and must be rebuilt. The attackers' toolkit includes custom malware, among it a backdoor called AquaShell used for persistent access, alongside tools for moving further into the network and for cleansing log files. Because the intruders scrub logs, a clean log on the appliance itself should not be taken as proof that it was not compromised; Cisco advises organizations to verify potential compromise and to seek technical assistance if necessary.

The US government has flagged the issue as a significant threat and urged immediate action: the Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-20393 to its Known Exploited Vulnerabilities catalog with a deadline for federal agencies to address it. Pending a fix, Cisco recommends restricting access to the appliances to trusted hosts, placing them behind firewalls, and disabling any network services that are not needed.

