Blog.Talosintelligence
Cisco Fixes Critical AsyncOS Vulnerability Under Attack
First seen 16 Jan 2026, 03:59 UTC
•



+4
•62% similarity
•95.8
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Cisco has addressed a maximum-severity vulnerability in AsyncOS, tracked as CVE-2025-20393, which has been actively exploited for at least a month. The flaw affects Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances, allowing attackers to execute arbitrary commands with root privileges. Cisco first detected attacks targeting these appliances on December 10.
ThreatCluster AI