A newly discovered cyber threat is putting several widely used enterprise security products at risk, with no immediate fix available.
Cisco has confirmed that hackers linked to China are actively exploiting a critical zero day vulnerability in certain Cisco AsyncOS based products. The issue allows attackers to fully take control of affected devices, and no security patch has been released so far.
The company said it identified the hacking campaign on December 10. The attacks are targeting Cisco Secure Email Gateway, Cisco Secure Email, and Web Manager appliances, both physical and virtual. According to Cisco, the vulnerability affects systems where the Spam Quarantine feature is enabled and the device is accessible from the internet.
Cisco noted that Spam Quarantine is not enabled by default and does not need to be internet facing. Cybersecurity researcher Michael Taggart said that “the requirement of an internet-facing management interface and certain features being enabled will limit the attack surface for this vulnerability.”
Despite this, security researcher Kevin Beaumont warned that the campaign is serious due to the widespread use of the affected products, the lack of a patch, and uncertainty around how long attackers may have maintained access.
Cisco has not disclosed how many customers are impacted. A company spokesperson said Cisco “is actively investigating the issue and developing a permanent remediation.”
For now, Cisco is advising affected customers to wipe and rebuild the compromised systems. The company said, “In case of confirmed compromise, rebuilding the appliances is, currently, the only viable option to eradicate the threat actors persistence mechanism from the appliance.”
Cisco Talos linked the attacks to Chinese state associated hacking groups and said the vulnerability has been used to install persistent backdoors since at least late November 2025.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
