CVE-2025-20393

Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability

Description

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

INFO

Published Date :

2025-12-17T16:47:13.128Z

Last Modified :

2026-02-26T16:07:31.045Z

Source :

cisco

AFFECTED PRODUCTS

The following products are affected by CVE-2025-20393 vulnerability.

Vendors	Products
Cisco	Asyncos Secure Email Secure Email And Web Manager Secure Email And Web Manager M170 Secure Email And Web Manager M190 Secure Email And Web Manager M195 Secure Email And Web Manager M380 Secure Email And Web Manager M390 Secure Email And Web Manager M390x Secure Email And Web Manager M395 Secure Email And Web Manager M680 Secure Email And Web Manager M690 Secure Email And Web Manager M690x Secure Email And Web Manager M695 Secure Email And Web Manager Virtual Appliance M100v Secure Email And Web Manager Virtual Appliance M300v Secure Email And Web Manager Virtual Appliance M600v Secure Email Gateway Secure Email Gateway C195 Secure Email Gateway C395 Secure Email Gateway C695 Secure Email Gateway Virtual Appliance C100v Secure Email Gateway Virtual Appliance C300v Secure Email Gateway Virtual Appliance C600v

Vendors

Products

Cisco

Asyncos
Secure Email
Secure Email And Web Manager
Secure Email And Web Manager M170
Secure Email And Web Manager M190
Secure Email And Web Manager M195
Secure Email And Web Manager M380
Secure Email And Web Manager M390
Secure Email And Web Manager M390x
Secure Email And Web Manager M395
Secure Email And Web Manager M680
Secure Email And Web Manager M690
Secure Email And Web Manager M690x
Secure Email And Web Manager M695
Secure Email And Web Manager Virtual Appliance M100v
Secure Email And Web Manager Virtual Appliance M300v
Secure Email And Web Manager Virtual Appliance M600v
Secure Email Gateway
Secure Email Gateway C195
Secure Email Gateway C395
Secure Email Gateway C695
Secure Email Gateway Virtual Appliance C100v
Secure Email Gateway Virtual Appliance C300v
Secure Email Gateway Virtual Appliance C600v

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-20393.

URL	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20393

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact