CVE-2025-20393

CRITICAL CISA KEV EPSS 97.9%

Published Dec 17, 20256mo ago · Modified Jun 17, 20261w ago

10.0 CVSS 3.1

Critical

Find Similar

Published Dec 17, 2025 6mo ago

Last Modified Jun 17, 2026 1w ago

KEV Listed Dec 17, 2025 6mo ago

KEV Due Dec 24, 2025 188d overdue

Description

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

CVSS Details

Base Score

10.0

Exploitability

3.9

Impact

6.0

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Changed

Confidentiality High

Integrity High

Availability High

Threat Intelligence

CISA Known Exploited Overdue 188d

Added: Dec 17, 2025
Due: Dec 24, 2025

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability

97.9% percentile

Exploit & Patch Status

Actively Exploited (KEV)

No Patch Available

Weaknesses 1

CWE-20 Improper Input Validation Validation

Affected Products 26

Vendor	Product	Version	Range
cisco	asyncos	*	<15.0.5-016
cisco	asyncos	*	≥15.5 – <15.5.4-012
cisco	asyncos	*	≥16.0 – <16.0.4-016
cisco	secure_email_gateway_virtual_appliance_c100v	*	any
cisco	secure_email_gateway_virtual_appliance_c300v	*	any
cisco	secure_email_gateway_virtual_appliance_c600v	*	any
cisco	secure_email_gateway_c195	*	any
cisco	secure_email_gateway_c395	*	any
cisco	secure_email_gateway_c695	*	any
cisco	asyncos	*	<15.0.2-007
cisco	asyncos	*	≥15.5 – <15.5.4-007
cisco	asyncos	*	≥16.0 – <16.0.4-010
cisco	secure_email_and_web_manager_virtual_appliance_m100v	*	any
cisco	secure_email_and_web_manager_virtual_appliance_m300v	*	any
cisco	secure_email_and_web_manager_virtual_appliance_m600v	*	any
cisco	secure_email_and_web_manager_m170	*	any
cisco	secure_email_and_web_manager_m190	*	any
cisco	secure_email_and_web_manager_m195	*	any
cisco	secure_email_and_web_manager_m380	*	any
cisco	secure_email_and_web_manager_m390	*	any
cisco	secure_email_and_web_manager_m390x	*	any
cisco	secure_email_and_web_manager_m395	*	any
cisco	secure_email_and_web_manager_m680	*	any
cisco	secure_email_and_web_manager_m690	*	any
cisco	secure_email_and_web_manager_m690x	*	any
cisco	secure_email_and_web_manager_m695	*	any

References 2

sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4

Vendor Advisory
cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20393

US Government Resource

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.