Cisco Potential Vulnerability Investigation (CVE-2025-20393)
CVE-2025-20393 Published on December 17, 2025
Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability
A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges.
This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
Known Exploited Vulnerability
This Cisco Multiple Products Improper Input Validation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance.
The following remediation steps are recommended / required by December 24, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2025-20393 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors in an automatable fashion. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Affected Versions
Cisco Secure Email:- Version 14.0.0-698 is affected.
- Version 13.5.1-277 is affected.
- Version 13.0.0-392 is affected.
- Version 14.2.0-620 is affected.
- Version 13.0.5-007 is affected.
- Version 13.5.4-038 is affected.
- Version 14.2.1-020 is affected.
- Version 14.3.0-032 is affected.
- Version 15.0.0-104 is affected.
- Version 15.0.1-030 is affected.
- Version 15.5.0-048 is affected.
- Version 15.5.1-055 is affected.
- Version 15.5.2-018 is affected.
- Version 16.0.0-050 is affected.
- Version 15.0.3-002 is affected.
- Version 16.0.0-054 is affected.
- Version 15.5.3-022 is affected.
- Version 16.0.1-017 is affected.
- Version 13.6.2-023 is affected.
- Version 13.6.2-078 is affected.
- Version 13.0.0-249 is affected.
- Version 13.0.0-277 is affected.
- Version 13.8.1-052 is affected.
- Version 13.8.1-068 is affected.
- Version 13.8.1-074 is affected.
- Version 14.0.0-404 is affected.
- Version 12.8.1-002 is affected.
- Version 14.1.0-227 is affected.
- Version 13.6.1-201 is affected.
- Version 14.2.0-203 is affected.
- Version 14.2.0-212 is affected.
- Version 12.8.1-021 is affected.
- Version 13.8.1-108 is affected.
- Version 14.2.0-224 is affected.
- Version 14.3.0-120 is affected.
- Version 15.0.0-334 is affected.
- Version 15.5.1-024 is affected.
- Version 15.5.1-029 is affected.
- Version 15.5.2-005 is affected.
- Version 16.0.0-195 is affected.
- Version 15.5.3-017 is affected.
- Version 16.0.1-010 is affected.
- Version 15.0.1-035 is affected.
- Version 16.0.2-088 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.