Cisco’s Critical Vulnerability Exploited by Hackers Since 2023
Cisco, a leading provider of networking solutions, has disclosed that a critical vulnerability in its Catalyst SD-WAN products has been actively exploited by hackers since 2023. This flaw, assigned the highest severity score of 10.0, enables unauthorized remote access to affected networks, granting attackers full control over the devices. Such access allows for prolonged surveillance and data exfiltration without detection.
The Catalyst SD-WAN products are integral to large enterprises and government agencies, facilitating the connection of private networks across extensive distances. The exploitation of this vulnerability poses significant risks, especially to critical infrastructure sectors, which encompass essential services like power grids, water supply systems, and transportation networks.
Upon identifying the vulnerability, Cisco’s security team traced evidence of its exploitation back to 2023. In response, multiple governments, including those of Australia, Canada, New Zealand, the United Kingdom, and the United States, have issued alerts emphasizing the global nature of these cyber threats. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated that all civilian federal agencies apply the necessary patches by the end of the week, citing an imminent threat and unacceptable risk to national security.
While the specific perpetrators behind these attacks remain unidentified, Cisco and governmental bodies have been monitoring a particular activity cluster labeled UAT-8616. This incident underscores the persistent challenges in cybersecurity, especially concerning vulnerabilities in widely used networking equipment.
In a related development, Cisco previously addressed a similar high-severity vulnerability in December 2025. This flaw, also rated 10.0, was found in the AsyncOS software that operates across many of Cisco’s products and was actively exploited to infiltrate customer networks.
These recurring vulnerabilities highlight the critical importance of proactive cybersecurity measures. Organizations are urged to stay vigilant, promptly apply security patches, and implement comprehensive monitoring systems to detect and mitigate potential breaches.
