Cisco Fixes Critical AsyncOS Vulnerability Under Attack

Cisco Fixes Critical AsyncOS Vulnerability Under Attack

First seen 16 Jan 2026, 03:59 UTC Blog.TalosintelligenceTheregisterHeise.DeWebpronewsBleepingcomputer+4 62% similarity 95.8

Article Content

Browse articles
ThreatCluster

Cisco has addressed a maximum-severity vulnerability in AsyncOS, tracked as CVE-2025-20393, which has been actively exploited for at least a month. The flaw affects Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances, allowing attackers to execute arbitrary commands with root privileges. Cisco first detected attacks targeting these appliances on December 10.

ThreatCluster AI

Community

Browse all →