CVE-2025-20393

Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability

CVSS 10 (Critical) · EPSS 29.1% · CISA KEV · CWE-20
Vexday Risk Score: 83 (Fix now)
SSVC decision (CISA): Act (exploitation + impact → act immediately)
Tags: CVSS 10 · EPSS 29.1% · KEV: yes · Public PoC · Nuclei · Metasploit · Patch
Lifecycle
17 Dec 2025: Active exploitation (CISA KEV)
17 Dec 2025: Published on NVD
18 Dec 2025: Public PoC
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A flaw in Cisco's email security appliances allows an attacker to send a specially crafted web request and take complete control of the device, running any command with root (administrator) privileges. This is critical because these devices protect an organization's entire email flow.

Technical detail

Insufficient validation of HTTP requests in the Spam Quarantine feature enables unauthenticated remote command execution with root privileges. An attacker sends a crafted HTTP request to the affected appliance; no authentication or special conditions are required. Successful exploitation results in complete compromise of the underlying operating system.

Summary generated and translated by AI from the official description.
A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H