Скачать или смотреть CRITICAL 10.0: The Cisco Zero-Day Rooting Email Gateways Right Now

CVE-2025-20393, a critical zero-day vulnerability with a maximum severity score of 10.0 affecting Cisco Secure Email Gateway and Secure Email and Web Manager appliances. This flaw involves improper input validation in the Cisco AsyncOS software, allowing unauthenticated attackers to execute arbitrary commands with root privileges. Exploitation is currently active in the wild and is attributed to a China-nexus threat actor known as UAT-9686, who deploys persistent backdoors like AquaShell to maintain control. The risk specifically impacts deployments where the Spam Quarantine feature is enabled and exposed to the public internet, though Cisco Secure Email Cloud remains unaffected. Experts emphasize that because these attackers use sophisticated persistence mechanisms and log-wiping tools, rebuilding compromised appliances is often the only way to fully eradicate the threat. While patches have been released, immediate defensive recommendations include restricting network access to management ports and placing affected devices behind filtering firewalls.