A critical flaw in Cisco’s security software is being actively weaponized. Hackers linked to China are exploiting the vulnerability to gain total control of email gateway devices. This campaign was confirmed by Cisco on Wednesday, December 17, 2025.
The tech giant has no available patch for the issue. This leaves many organizations vulnerable to complete system takeover. Cisco is urging affected customers to take immediate action.
Targeted Products and Limited Attack Surface
The exploit targets Cisco AsyncOS software. Specifically, it impacts Secure Email Gateway appliances and Web Manager. According to Cisco, the attack requires a specific feature called “Spam Quarantine” to be enabled and internet-facing.
This configuration is not the default setting. Security experts note this may limit the number of vulnerable systems. Michael Taggart, a senior cybersecurity researcher, told TechCrunch this requirement reduces the attack surface.
However, the risk remains severe for exposed organizations. Researcher Kevin Beaumont highlighted the campaign’s severity. He noted the widespread use of these products and the absence of a fix.
Ongoing Campaign and Recommended Response
Cisco’s threat intelligence team, Talos, attributes the attacks to a Chinese state-linked group. The campaign has been ongoing since at least late November 2025. Hackers are using the flaw to install persistent backdoors on compromised devices.
The company’s current advice is drastic. Cisco states that rebuilding appliances is the only sure eradication method. A permanent software fix is still under development.
The long-term impact on affected businesses could be significant. Data theft and prolonged network access are major concerns. Cisco has not disclosed how many customers have been impacted.
Organizations using Cisco Secure Email Gateway must check their configurations immediately. The ongoing exploitation of this Cisco zero-day represents a severe and immediate threat to enterprise security. Proactive mitigation is the only current defense.
A quick knowledge drop for you
What Cisco products are affected by this zero-day?
The vulnerability impacts physical and virtual appliances running Cisco AsyncOS. This includes Cisco Secure Email Gateway and Cisco Secure Web Manager. Devices must have the “Spam Quarantine” feature enabled and be internet-facing.
Is there a patch available for this Cisco flaw?
No, there is no software patch available from Cisco at this time. The company is investigating and developing a permanent fix. Their current guidance for compromised devices is to completely wipe and rebuild the appliance.
Who is behind the hacking campaign?
Cisco Talos has linked the activity to hackers associated with China. The group is believed to be a known Chinese state-sponsored threat actor. The campaign exploiting this Cisco zero-day has been active since late November.
How can organizations protect themselves right now?
Companies should verify whether their management interfaces are exposed to the internet. They should also check whether the non-default “Spam Quarantine” feature is enabled. Isolating affected appliances from the internet is a critical temporary step.
Why is this vulnerability considered so critical?
The flaw allows unauthorized remote attackers to gain full control of the device. This level of access enables data theft and persistent network presence. The lack of an immediate patch escalates the threat level significantly.



