Cisco Patches Critical Zero-Day Vulnerability in AsyncOS Exploited by Chinese APT Group

Cisco has fixed a critical vulnerability in AsyncOS, identified as CVE-2025-20393 (CVSS score 10.0), affecting its Secure Email Gateway and Email and Web Manager products. This flaw was exploited as a zero-day by the Chinese APT group UAT-9686 before being patched. The vulnerability impacted Cisco’s email security solutions, though no further details about the attacks or their precise impacts were provided. No exact dates for the patch or exploitation were mentioned.