CVE-2025-20393 Exploitation: A Maximum-Severity Zero-Day Vulnerability in Cisco AsyncOS Software Abused in Attacks by the China-Backed APT UAT-9686
ID: 050e1874-e69f-58e6-813b-7f9ccad1751d
STIX ID: report--050e1874-e69f-58e6-813b-7f9ccad1751d
Feed Name: SOC Prime Blog
The report details an actively exploited zero-day in Cisco AsyncOS, CVE-2025-20393 (CVSS 10.0, maximum severity), abused in the wild by a China-linked APT tracked as UAT-9686 to obtain root-level command execution and persistence on affected Cisco Secure Email Gateway and Secure Email and Web Manager appliances. Post-exploitation, the attackers deployed tunneling tools (AquaTunnel and Chisel), a log-cleaning utility (AquaPurge), and a Python backdoor (AquaShell). Cisco has published guidance and CISA has added the CVE to its Known Exploited Vulnerabilities (KEV) catalog; until a patch is available, the guidance recommends isolating or rebuilding exposed appliances and applying the available mitigations.
