Have you ever wondered how cyberattacks can affect your digital security on a daily basis? Imagine that a simple bug could open the door to malicious intrusions. That’s exactly what happened recently with Cisco’s technology. The company faced a critical vulnerability in its AsyncOS system, which was exploited for weeks before a solution was implemented. Let’s dive into the details of this case that shook the cybersecurity world.
The 3 must-know facts
- Cisco fixed a very critical vulnerability with a CVSS score of 10.0 in AsyncOS.
- The flaw affected Cisco’s Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) devices.
- The only solution to remedy this flaw is to install the software updates released by Cisco.
Critical vulnerability of Cisco AsyncOS
The vulnerability, identified as CVE-2025-20393, was discovered on December 17, 2025. Its CVSS score of 10.0 indicates that it is extremely severe. This flaw allowed malicious actors to execute system commands on affected devices, notably due to a weakness in handling HTTP requests within the spam quarantine function.
Products affected by the flaw
The devices affected by this vulnerability include Cisco’s Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM). These devices operate under the AsyncOS system, which was targeted by attacks aiming to exploit this flaw.
Update and recommendations from Cisco
Cisco has released software updates to fix this vulnerability. The company strongly recommends that its customers apply these patches as soon as possible to prevent any further exploitation. The new versions of AsyncOS also remove malicious files installed during previous attacks.
There are no alternative solutions for this flaw, and Cisco advises users to completely restore their systems with the company’s help if a compromise has already occurred.
Background on Cisco
Cisco Systems, Inc. is an American company specializing in networking and IT security solutions, founded in 1984. It is globally recognized for its networking equipment such as routers, switches, and security systems. Cisco has always been at the forefront of technological innovation and strives to ensure the security of its products against ever-evolving digital threats.
In terms of security, Cisco is known for responding quickly to vulnerabilities discovered in its products. The company is committed to a proactive approach to anticipate threats and protect its customers worldwide.
Source: