Summary
- New Platform API endpoints to list active threats and retrieve credit information for Free users.
- One new Rapid Response advisory for CVE-2025-20393, which affects Cisco Secure Email Gateways.
- One new software fingerprint for Flowise servers.
Platform
- Use the get Free user credit details API endpoint to retrieve your Free user account credit balance and refresh information.
Threat Hunting
- Use the list active threats API endpoint to get a list of active threats observed by Censys.
- Threats are active if their fingerprint has been identified on hosts or web properties by Censys scans.
- This endpoint is available to organizations that have access to the Threat Hunting module.
Rapid Response
The Censys Rapid Response team published information about and queries for the following issue.
- Cisco Secure Email Gateway AsyncOS Zero-Day Exploited in the Wild [CVE-2025-20393]
- The following queries can be used to identify exposed Cisco Secure Email Gateways. These are not necessarily vulnerable to this CVE. Only appliances with the Spam Quarantine feature enabled are affected. Review any exposed ESA instances in your environment to determine whether Spam Quarantine is enabled; by default, this feature is associated with TCP ports 80, 82, 83, and 6025.
New fingerprints
Added the following fingerprint.
| Type | Name | Description | Query |
|---|---|---|---|
| software | Flowise | This is a Flowise Server. | Platform query |