A China-linked threat group is actively exploiting a critical zero-day vulnerability in Cisco's email security products, potentially affecting hundreds of customers. The flaw, tracked as CVE-2025-20393, affects Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances. It allows an attacker to execute arbitrary commands with the highest-level privileges on the device, effectively taking full control of the appliance.

The exploitation campaign, attributed to a group tracked as UAT-9686, has been ongoing since at least late November 2025. Cisco has not yet released a patch for the flaw and has advised that the only way to remove the attackers' persistence from a compromised appliance is to completely rebuild it; an in-place cleanup is not sufficient. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.