Cisco (CSCO) on Dec. 25, 2025: AI networking tailwinds meet an urgent email-security zero-day
Cisco is closing the year with two forces pulling in opposite directions. AI-fueled networking demand is lifting FY2026 expectations, while an actively exploited zero-day is pressuring security and operations teams right now.
For government and enterprise leaders, this split story matters. It touches budgets, risk posture, and procurement timing heading into Q1-Q2 2026.
The urgent issue: CVE-2025-20393 hitting Cisco email security appliances
A critical, actively exploited vulnerability (CVSS 10.0) affects Cisco Secure Email Gateway and Cisco Secure Email and Web Manager under specific conditions-most notably when Spam Quarantine is enabled and exposed to the internet. It's not enabled by default, but exposed systems have been targeted.
Cisco Talos links activity (moderate confidence) to a Chinese-nexus actor, UAT-9686, using a backdoor dubbed "AquaShell," plus tools for reverse tunneling and log clearing. Activity dates back to late November; Cisco became aware on Dec. 10.
The issue appears in CISA's KEV workflow with a 12/24/2025 due date. Required action: apply vendor mitigations or discontinue use if mitigations aren't available.
- Immediate actions (CISO/CIO): Identify any AsyncOS-based Cisco email appliances with Spam Quarantine enabled and internet-exposed. If exposed, assume compromise: isolate, review logs, rotate credentials, inspect for egress tunnels, and consider clean rebuilds.
- Control and visibility: Enforce least privilege on management interfaces, restrict exposure, enable comprehensive logging, and verify central collection. Document findings for auditors and regulators.
- Governance: Track KEV timelines, brief executives, and coordinate with sector ISACs. If mitigations are not viable, prepare contingency plans (service discontinuation or alternative controls).
View the NVD entry for CVE-2025-20393
FY2026 outlook: AI spend lifts guidance
Cisco raised guidance on the back of AI infrastructure demand. Management expects Q2 FY2026 revenue of $15.0B-$15.2B and non-GAAP EPS of $1.01-$1.03; FY2026 revenue of $60.2B-$61.0B and non-GAAP EPS of $4.08-$4.14. Tariff impacts are baked into margin/EPS assumptions.
Q1 FY2026 results: $14.9B revenue (up 8% YoY), non-GAAP EPS $1.00 (up 10% YoY), and product orders up 13% YoY, with networking orders rising double digits for the fifth straight quarter.
- AI demand signals: $1.3B in hyperscaler AI infrastructure orders in Q1; management expects ~$3B in AI infrastructure revenue in FY2026 and cites a pipeline above $2B.
- Enterprise refresh: Cisco points to a multi-year campus refresh cycle, driven by new switches, secure routing, and Wi-Fi 7, as AI workloads lift internal traffic and resilience needs.
Cisco newsroom: earnings, guidance, and product updates
Product and strategy moves leaders should track
- Unified Edge: An on-prem edge AI platform aimed at local inference in retail, factories, and healthcare, with Verizon cited as an early adopter.
- P200 chip + long-haul AI interconnect: New routing silicon and systems to link AI data centers across geographies, with Microsoft and Alibaba units noted as customers.
- NVIDIA partnership (N9100): A partner-developed data center switch based on NVIDIA Spectrum-X Ethernet silicon, aligned to neocloud/sovereign cloud reference architectures.
- Quantum-cloud tooling: Software to connect quantum systems from different vendors under one cloud workflow by splitting problems across machines.
M&A: expanding AI and Splunk-adjacent value
- NeuralFabric: Domain-specific small language models for generative AI use cases.
- EzDubs: Real-time AI speech-to-speech translation.
- Aura Asset Intelligence: A Splunk app that strengthens asset/identity discovery and relationship mapping; Cisco closed a related deal in Q1 FY2026.
What this means for government and executive teams
Bull case: AI networking spend, a campus refresh cycle, and early traction with hyperscalers and enterprises could support growth in a mature category. Security and observability layers may add recurring revenue and stickiness.
Bear case: Execution risk in AI networking, pricing pressure, tariff uncertainty, and the current zero-day-especially if remediation burdens are high-can slow deals and raise operating cost.
Watch list for Q1-Q2 2026
- Security: CVE-2025-20393 mitigation progress, added indicators of compromise, and any follow-on vulnerabilities in AsyncOS appliances.
- Revenue mix: Conversion of AI orders into recognized revenue; updates on the $3B AI infrastructure target.
- Adoption: Customer uptake of P200, N9100, and Unified Edge across public sector, sovereign cloud, and large enterprise.
- Integration: Evidence that NeuralFabric, EzDubs, and Aura strengthen Cisco's platform story with Splunk.
Practical next steps for public sector and enterprise leaders
- Security now: Triage exposure to CVE-2025-20393, isolate affected systems, and execute playbooks for rebuilds and credential rotation. Log everything and prepare regulator-ready documentation.
- Network planning: Rebaseline campus capacity for AI-driven traffic (east-west and egress), prioritize Wi-Fi 7 and high-performance switching where latency impacts mission outcomes.
- Procurement: Add language to RFPs that requires vendor-provided KEV response SLAs, clear mitigation paths for perimeter appliances, and support for open OS options (NX-OS/SONiC) where relevant.
- Reporting: Track KPIs that map to business value: time-to-containment for appliance incidents, AI workload performance targets, and capex tied to AI interconnect projects.
Bottom line: Cisco heads into 2026 with clear AI-driven demand and higher guidance-but the email-security zero-day is a real-time test of operational resilience. Treat it as both a security incident and a governance exercise that informs how you buy, secure, and run critical infrastructure next year.
If you're upskilling teams on AI infrastructure, networking, or security, review role-based learning paths: AI Learning Path for Training & Development Managers, AI Learning Path for Technology Managers, and AI Learning Path for CIOs.
Your membership also unlocks:
