Chinese-Backed Hackers Target Cisco Customers
Cybersecurity researchers have warned that hundreds of corporate customers of Cisco have been put at risk in a new campaign allegedly carried out by a Chinese government-backed hacking group. Cisco said on Wednesday that the attackers are exploiting a zero-day vulnerability found in some of its popular enterprise products. TechCrunch reported the development.
According to Piotr Kijewski, Chief Executive Officer of the non-profit Shadowserver Foundation, the number of vulnerable systems is not in the thousands but limited to a few hundred. He noted that the attacks are targeted rather than widespread.
The vulnerability, officially designated CVE-2025-20393, has been identified in several Cisco products, including Cisco Secure Email Gateway and Secure Email and Web Manager.
Cybersecurity firm Censys reported that it has identified at least 220 internet-exposed Cisco email gateways that are currently at risk. Cisco said the vulnerability affects systems that are accessible from the internet and have the “spam quarantine” feature enabled, though the feature is not enabled by default.
The most serious concern is that no security patch is currently available to address the flaw. Cisco has advised affected customers to completely wipe compromised systems and securely restore them. Cisco’s threat intelligence unit, Talos, said the hacking campaign has been ongoing since at least late November 2025.
DBTech/BMT/OR







