Cisco Alerts on Critical Zero-Day Vulnerability Exploited by China APT
Cisco has issued an alert regarding a maximum severity zero-day vulnerability in its Cisco AsyncOS software. This flaw has been actively exploited by an advanced persistent threat (APT) actor with ties to China, dubbed UAT-9686, in attacks targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.

Threat Details

The intrusion campaign was detected on December 10, 2025. Cisco identified that a limited subset of its appliances, with specific ports exposed to the Internet, were targeted. The vulnerability, tracked as CVE-2025-20393, has a CVSS score of 10.0 and allows attackers to execute arbitrary commands with root privileges on the underlying operating system of the affected appliance. Attackers have managed to establish persistence mechanisms to maintain control over compromised systems. ...