On December 10, Cisco became aware of a new cyberattack campaign targeting a limited subset of appliances with certain ports open to the internet that are running Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. This attack allows the threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance. The ongoing investigation has revealed evidence of a persistence mechanism planted by the threat actors to maintain a degree of control over compromised appliances.
Cisco strongly recommends that customers follow the guidance provided in the Recommendations section of the security advisory in order to assess exposure and mitigate risks. For more information, see the Recommendations section of this advisory.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
Security Impact Rating: Critical
CVE: CVE-2025-20393
http://news.poseidon-us.com/TPss8S
