Cisco Warns of Chinese Hackers Exploiting New Zero-Day Vulnerability
Cisco warns of a critical zero-day vulnerability being exploited by Chinese hackers, targeting Cisco AsyncOS software in Secure Email Gateway and Web Manager products. With no patches available, affected customers must wipe and rebuild their systems to remove backdoors
On Wednesday, Cisco revealed that hackers are exploiting a critical vulnerability in some of its most popular products, allowing attackers to take over affected devices fully. Unfortunately, there are no available patches to fix the issue at this time.
In a security advisory, Cisco announced on December 10 that it had discovered a hacking campaign targeting Cisco AsyncOS software. Specifically, the campaign targets the physical and virtual appliances Cisco Secure Email Gateway, Cisco Secure Email, and Web Manager. According to Cisco, the affected devices have the "Spam Quarantine" feature enabled and are reachable from the internet.
Cisco clarified that this feature is not enabled by default and does not need to be exposed to the internet, which may reduce the attack surface. Michael Taggart, a senior cybersecurity researcher at UCLA Health Sciences, told TechCrunch that the requirement for an internet-facing management interface, along with specific features being enabled, will help limit the vulnerability's impact.
However, security researcher Kevin Beaumont expressed concerns about the seriousness of the hacking campaign. He noted that large organisations widely use the affected products, that no patches are available, and that it remains unclear how long hackers have maintained backdoors in the systems. As of now, Cisco has not disclosed how many customers are impacted.
When contacted by TechCrunch, Cisco spokesperson Meredith Corley declined to answer several questions, stating only that the company is "actively investigating the issue and developing a permanent remediation."
Since no patches are available at this time, Cisco recommends that affected customers wipe and rebuild the software on their affected products. Cisco wrote, "In case of confirmed compromise, rebuilding the appliances is, currently, the only viable option to eradicate the threat actors' persistence mechanism from the appliance."
The hackers behind this campaign are believed to be linked to China and other known Chinese government-affiliated hacking groups, according to Cisco Talos, the company's threat intelligence research team. In China, Talos confirmed that the hackers are exploiting the zero-day vulnerability to install persistent backdoors. The campaign has reportedly been ongoing since at least late November 2025.Cisco
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
