Cisco issued security updates addressing a critical remote code execution (RCE) vulnerability, identified as CVE-2025-20393. The flaw carries the highest possible severity score of 10.0.
This vulnerability affects the company’s Secure Email Gateway and Secure Email and Web Manager products. An unauthenticated attacker can exploit the flaw to execute arbitrary commands with root privileges on affected devices.
The vulnerability was a zero-day, meaning exploitation occurred before a patch was available. A China-linked hacking group, tracked as UAT-9686, had been exploiting the flaw since at least November 2025. The group used the RCE to deploy backdoors.
Cisco’s new software versions fix the vulnerability. The updates also address the persistence mechanisms utilized by the attackers.