Cisco AsyncOS Auth Flaw: Remote Access Leads to Root Priv Escal
CVE-2025-20185 Published on February 5, 2025

Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Privilege Escalation Vulnerability
A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker.

NVD

Vulnerability Analysis

CVE-2025-20185 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

Execution with Unnecessary Privileges

The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

Products Associated with CVE-2025-20185

Want to know whenever a new CVE is published for Cisco Asyncos? stack.watch will email you.

Cisco Asyncos

Affected Versions

Cisco Secure Email:

Version 14.0.0-698 is affected.
Version 13.5.1-277 is affected.
Version 13.0.0-392 is affected.
Version 14.2.0-620 is affected.
Version 13.0.5-007 is affected.
Version 13.5.4-038 is affected.
Version 14.2.1-020 is affected.
Version 14.3.0-032 is affected.
Version 15.0.0-104 is affected.
Version 15.0.1-030 is affected.
Version 15.5.0-048 is affected.
Version 15.5.1-055 is affected.
Version 15.5.2-018 is affected.
Version 15.0.3-002 is affected.

Cisco Secure Email and Web Manager:

Version 13.6.2-023 is affected.
Version 13.6.2-078 is affected.
Version 13.0.0-249 is affected.
Version 13.0.0-277 is affected.
Version 13.8.1-052 is affected.
Version 13.8.1-068 is affected.
Version 13.8.1-074 is affected.
Version 14.0.0-404 is affected.
Version 12.8.1-002 is affected.
Version 14.1.0-227 is affected.
Version 13.6.1-201 is affected.
Version 14.2.0-203 is affected.
Version 14.2.0-212 is affected.
Version 12.8.1-021 is affected.
Version 13.8.1-108 is affected.
Version 14.2.0-224 is affected.
Version 14.3.0-120 is affected.
Version 15.0.0-334 is affected.
Version 15.5.1-024 is affected.
Version 15.5.1-029 is affected.
Version 15.5.2-005 is affected.

Cisco Secure Web Appliance:

Version 11.8.0-453 is affected.
Version 12.5.3-002 is affected.
Version 12.0.3-007 is affected.
Version 12.0.3-005 is affected.
Version 14.1.0-032 is affected.
Version 14.1.0-047 is affected.
Version 14.1.0-041 is affected.
Version 12.0.4-002 is affected.
Version 14.0.2-012 is affected.
Version 11.8.0-414 is affected.
Version 12.0.1-268 is affected.
Version 11.8.1-023 is affected.
Version 11.8.3-021 is affected.
Version 11.8.3-018 is affected.
Version 12.5.1-011 is affected.
Version 11.8.4-004 is affected.
Version 12.5.2-007 is affected.
Version 12.5.2-011 is affected.
Version 14.5.0-498 is affected.
Version 12.5.4-005 is affected.
Version 12.5.4-011 is affected.
Version 12.0.5-011 is affected.
Version 14.0.3-014 is affected.
Version 12.5.5-004 is affected.
Version 12.5.5-005 is affected.
Version 12.5.5-008 is affected.
Version 14.0.4-005 is affected.
Version 14.5.1-008 is affected.
Version 14.5.1-016 is affected.
Version 15.0.0-355 is affected.
Version 15.0.0-322 is affected.
Version 12.5.6-008 is affected.
Version 15.1.0-287 is affected.
Version 14.5.2-011 is affected.
Version 15.2.0-116 is affected.
Version 14.0.5-007 is affected.
Version 15.2.0-164 is affected.
Version 14.5.1-510 is affected.
Version 12.0.2-012 is affected.
Version 12.0.2-004 is affected.
Version 14.5.1-607 is affected.
Version 14.5.3-033 is affected.
Version 15.0.1-004 is affected.
Version 15.2.1-011 is affected.
Version 14.5.0-673 is affected.
Version 14.5.0-537 is affected.
Version 12.0.1-334 is affected.
Version 14.0.1-503 is affected.
Version 14.0.1-053 is affected.
Version 11.8.0-429 is affected.
Version 14.0.1-040 is affected.
Version 14.0.1-014 is affected.
Version 12.5.1-043 is affected.

Exploit Probability

EPSS

0.03%

Percentile

9.19%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.