Patch now! Critical Cisco vulnerability exploited since December 2025
Attackers compromise Cisco Secure Email Gateway and Secure Email and Web Manager via a root vulnerability. Security updates are now available.
(Image: solarseven/Shutterstock.com)
Network equipment supplier Cisco has finally released a security patch for Secure Email Gateway and Secure Email and Web Manager, closing a vulnerability that has been exploited since December of last year. If attacks are successful, attackers gain root privileges and take full control of instances.
Background
The security vulnerability (CVE-2025-20393) is considered “critical” and is rated with the highest possible CVSS score of 10 out of 10. Cisco states that it observed an attack campaign as early as December 10, 2025. At that time, there was no security update yet, and administrators had to protect their networks with a temporary solution. The network equipment supplier has now supplemented its warning message with details about the vulnerability and information on versions secured against the attacks.
Videos by heise
The vulnerability affects AsyncOS for Cisco Secure Email Gateway and Secure Email and Web Manager. In the revised warning message, the developers speak of a limited number of devices for which certain ports are publicly accessible. According to a report by Cisco Talos security researchers, the attacks are attributed to a Chinese APT group. The exact extent of the attacks is currently unclear. The network equipment supplier states that attackers establish a backdoor for further access on compromised systems.
Secure instances now
To prevent this, administrators must immediately install one of the following AsyncOS versions secured against the described attack:
- Email Security Gateway:
15.0.5-016
15.5.4-012
16.0.4-016
- Secure Email and Web Manager:
15.0.2-007
15.5.4-007
16.0.4-010
(des)
