Cisco has confirmed that a group of hackers associated with the Chinese government is exploiting an unknown vulnerability to compromise its enterprise clients.

Although Cisco has not specified how many organizations have already been affected, independent researchers estimate that the number of affected customers is in the hundreds. The vulnerability, known as CVE-2025-20393, is classified as a zero-day, meaning it was discovered and exploited before Cisco could release a fix. Data from Shadowserver shows that the affected systems are located in countries such as India, Thailand, and the United States. Cisco stated that the issue affects products such as Secure Email Gateway and Secure Email and Web Manager, being vulnerable only if they are directly accessible from the internet and have the "spam quarantine" feature enabled. Although there is currently no security patch available, Cisco recommends that affected organizations wipe the compromised devices and restore them to a known safe state.