Description

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid administrator credentials. This vulnerability is due to insufficient validation of XML configuration files by an affected device. An attacker could exploit this vulnerability by uploading a crafted XML configuration file. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

INFO

Published Date :

2025-02-05T16:14:30.863Z

Last Modified :

2025-02-05T17:00:15.021Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2025-20184 vulnerability.

Vendors Products
Cisco
  • Asyncos
  • Secure Email Gateway C195
  • Secure Email Gateway C395
  • Secure Email Gateway C695
  • Secure Email Gateway Virtual Appliance C100v
  • Secure Email Gateway Virtual Appliance C300v
  • Secure Email Gateway Virtual Appliance C600v
  • Secure Web Appliance S196
  • Secure Web Appliance S396
  • Secure Web Appliance S696
  • Secure Web Appliance Virtual S1000v
  • Secure Web Appliance Virtual S100v
  • Secure Web Appliance Virtual S300v
  • Secure Web Appliance Virtual S600v
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-20184.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact