On Wednesday, Cisco issued a warning about a critical vulnerability being exploited in some of its popular products, allowing attackers to gain full control over affected devices. Currently, no patches are available. The vulnerability affects Cisco AsyncOS software, particularly the Cisco Secure Email Gateway devices and Cisco Secure Email and Web Manager, both physical and virtual. Devices with the “Quarantine Spam” feature enabled are accessible from the Internet, although this feature is not enabled by default, which limits the attack surface. Despite this, the seriousness of the attack is heightened by the fact that many large organizations use these products, and it is unclear how long attackers may have had “backdoors” in the systems. Cisco has not disclosed how many customers are affected but is actively investigating and working on a permanent fix. The only current solution for compromised devices is to wipe and reinstall the software. The campaign, linked to Chinese government hacking groups, has been ongoing since at least the end of November 2025. Experts advise monitoring vendor updates, minimizing open access to administrative interfaces, and isolating vulnerable systems until a patch is available.
Is there a critical vulnerability in Cisco’s AsyncOS products?
