Cisco has issued a critical warning regarding active exploitation of an unpatched 0-day vulnerability in its AsyncOS software. The vulnerability affects Cisco Email Security Appliances (ESA) and Cisco Secure Email Gateway products, and the ongoing attacks pose a significant risk to organizations that use these security solutions.
Understanding the AsyncOS 0-Day Vulnerability
The specific vulnerability is identified as a command injection flaw. This type of vulnerability allows an attacker to execute arbitrary commands on the affected system with root privileges. The unauthorized access can lead to a complete compromise of the appliance, enabling attackers to control the system, extract sensitive information, or disrupt email security operations. Cisco’s advisory confirms that the vulnerability is actively being exploited in the wild, underscoring the immediate threat.
Immediate Actions and Mitigation Guidance
As of the warning, a patch for this 0-day vulnerability is not yet available. Cisco has provided interim mitigation measures and workarounds to help customers protect their deployments. Organizations are advised to review Cisco’s official security advisory for detailed guidance on detecting potential compromise and applying the recommended mitigations. Until a permanent fix is released, staying vigilant and keeping the recommended temporary measures in place is crucial to minimizing exposure to the active attacks.
Source: https://thehackernews.com/2025/12/cisco-warns-of-active-attacks.html