Vulnerability Analysis
Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability
CVE-2025-20393
A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
CVSS Base Score: 10.0 (CRITICAL)
Exploitability: 3.9
Impact Score: 6.1
Temporal Score: -
EPSS: 29.06%
Threat Intelligence Signals
| CISA KEV | YES |
| KEV Date Added | 2025-12-17 |
| Ransomware Use | Unknown |
| KEV Due Date | 2025-12-24 |
| VulnCheck In-the-Wild | No |
| Nuclei Template | No |
| EPSS Score | 29.060% |
| EPSS Percentile | 97.9th pct |
| GHSA ID | |
| GitHub Severity | CRITICAL |
Identity & Timeline
| Status | - |
| Assigning Authority | - |
| CVSS Version / Source | - |
| Reserved | - |
| Published | - |
| Patch Date (date_public) | - |
| Exploit DB Date | - |
| First GitHub PoC Date | - |
| Last Updated | - |
| Time to Patch (Days to fix) | - |
| Exploit Release Gap | - |
| PoC Release Gap | - |
| Exploit DB References | None identified |
Affected Products & Versions
| Vendor | Product | Affected Versions |
|---|---|---|
| No affected products specified. | | |