Attacks pummeling Cisco AsyncOS 0-day since late November
theregister.co.uk
Suspected Chinese-government-linked threat actors have been battering a maximum-severity Cisco AsyncOS zero-day vulnerability in some Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances for nearly a month, and there's no timeline for a fix.
Cisco disclosed the bug, tracked as CVE-2025-20393, on Wednesday and said it affects both physical and virtual SEG and SEWM appliances in certain non-standard configurations where the Spam Quarantine feature is enabled and exposed to the internet.
"On December 10, Cisco became aware of a new cyberattack campaign targeting a limited subset of appliances with certain ports open to the internet … This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance," according to the security advisory.
The vendor also published recommendations for customers to assess exposure and mitigate risks.
According to Cisco's threat intel arm Talos, the attacks ...
Copyright of this story solely belongs to theregister.co.uk.

