China-linked APT UAT-9686 abused now patched maximum severity AsyncOS bug

Cisco has patched a critical AsyncOS vulnerability (CVE-2025-20393) that was exploited as a zero-day by the China-linked APT group UAT-9686 to gain root access and install persistence mechanisms like the AquaShell backdoor on Secure Email Gateway and Secure Email and Web Manager appliances.