CVE-2025-20393

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
Configurations

Configuration 1

AND
OR cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
OR cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c100v:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c300v:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c600v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_gateway_c195:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_gateway_c395:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_gateway_c695:-:*:*:*:*:*:*:*

Configuration 2

AND
OR cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
OR cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m100v:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m300v:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m600v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:*:*:*:*:*:*:*

History

15 Jan 2026, 17:16

Type: Summary
Values Removed: (en) Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available.
Values Added: (en) A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

18 Dec 2025, 15:41

Type: References
Values Removed: () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 -
Values Added: () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 - Vendor Advisory

Type: References
Values Removed: () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20393 -
Values Added: () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20393 - US Government Resource

Type: CPE
cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m300v:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c600v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c100v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m100v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_gateway_c695:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c300v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_gateway_c195:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m600v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_gateway_c395:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:*:*:*:*:*:*:*

Type: First Time
Cisco Secure Email and Web Manager M690x
Cisco Secure Email and Web Manager M690
Cisco Secure Email and Web Manager M170
Cisco Secure Email and Web Manager Virtual Appliance M100v
Cisco Secure Email and Web Manager M195
Cisco Secure Email Gateway Virtual Appliance C600v
Cisco AsyncOS
Cisco
Cisco Secure Email and Web Manager Virtual Appliance M600v
Cisco Secure Email Gateway C695
Cisco Secure Email and Web Manager M395
Cisco Secure Email and Web Manager M390x
Cisco Secure Email and Web Manager M390
Cisco Secure Email and Web Manager Virtual Appliance M300v
Cisco Secure Email Gateway C395
Cisco Secure Email and Web Manager M695
Cisco Secure Email and Web Manager M680
Cisco Secure Email and Web Manager M190
Cisco Secure Email Gateway Virtual Appliance C100v
Cisco Secure Email and Web Manager M380
Cisco Secure Email Gateway C195
Cisco Secure Email Gateway Virtual Appliance C300v

17 Dec 2025, 21:15

Type: References
Values Added: () https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20393 -

17 Dec 2025, 17:15

Type: New CVE

Information

Published : 2025-12-17 17:15

Updated : 2026-01-16 14:00


NVD link : CVE-2025-20393

Mitre link : CVE-2025-20393

CVE.ORG link : CVE-2025-20393


Products Affected

cisco

  • secure_email_gateway_c395
  • secure_email_and_web_manager_m680
  • secure_email_and_web_manager_virtual_appliance_m300v
  • secure_email_and_web_manager_m695
  • secure_email_and_web_manager_m690x
  • secure_email_gateway_c695
  • asyncos
  • secure_email_and_web_manager_m395
  • secure_email_gateway_virtual_appliance_c300v
  • secure_email_and_web_manager_virtual_appliance_m600v
  • secure_email_and_web_manager_m390
  • secure_email_and_web_manager_m170
  • secure_email_gateway_virtual_appliance_c100v
  • secure_email_and_web_manager_virtual_appliance_m100v
  • secure_email_gateway_c195
  • secure_email_and_web_manager_m195
  • secure_email_gateway_virtual_appliance_c600v
  • secure_email_and_web_manager_m380
  • secure_email_and_web_manager_m190
  • secure_email_and_web_manager_m690
  • secure_email_and_web_manager_m390x
CWE
CWE-20

Improper Input Validation