Cisco confirmed active exploitation of a zero-day vulnerability, CVE-2025-20393, rated 10.0 severity with no patch available, by a China-linked advanced persistent threat (APT) group targeting AsyncOS on email security appliances, according to an X post by The Hacker News shared over the past 90 minutes during the reporting window from 4:17 AM to 5:46 AM UTC on December 18, 2025. The flaw enables root-level command execution and allows attackers to establish persistence on affected appliances, as detailed in The Hacker News post linking to Cisco's advisory at https://thehackernews.com/2025/12/cisco-warns-of-active-attacks.html. Cisco provided details and mitigations in the referenced advisory, with the X post issued from https://x.com/TheHackersNews/status/2001505744739565885 within the specified one-hour-28-minute period.
