Cisco has finally shipped security updates for its Email Security Gateway and Secure Email and Web Manager devices, which fix CVE-2025-20393, a vulnerability in the devices’ AsyncOS that has been exploited as a zero-day by suspected Chinese attackers since at least late November 2025. The company revealed the flaw’s existence and in-the-wild exploitation on December 17, 2025, and urged customers to check whether their appliances had been breached and to rebuild them in case of … More →
The post Cisco fixes AsyncOS vulnerability exploited in zero-day attacks (CVE-2025-20393) appeared first on Help Net Security.
http://news.poseidon-us.com/TQNnpS
