CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2025-20393

CVSS 10.0v3.1pub. 2025-12-17upd. 2026-01-16

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

🤖 AI Analysis
How it works

The vulnerability results from insufficient HTTP request validation by the Spam Quarantine module. The attacker sends a crafted HTTP request to the vulnerable device without the need for authentication. A properly prepared payload causes arbitrary commands to be executed at the operating system level with root privileges.

Impact

The attacker gains full control of the device with root privileges, allowing data reading and modification, malicious software installation, and lateral movement across the organization's network.

Mitigation & patch

Patches available from the vendor must be applied immediately in accordance with the official Cisco security advisory (cisco-sa-sma-attack-N9bf4). Until the fix is deployed, it is recommended to restrict access to the Spam Quarantine interface only to trusted IP addresses at the firewall level and monitor devices for unauthorized activity.

Who is affected

Cisco Secure Email Gateway C695, Cisco Secure Email and Web Manager M380, Cisco Secure Email and Web Manager M695, Cisco Secure Email and Web Manager Virtual Appliance M100V, Cisco Secure Email and Web Manager Virtual Appliance M600V — running Cisco AsyncOS software with the Spam Quarantine function enabled; specific versions indicated in the vendor's references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • Cisco Asyncos

    OS
    Cisco
    < 15.0.5-01615.5 – 15.5.4-012 (bez)16.0 – 16.0.4-016 (bez)< 15.0.2-00715.5 – 15.5.4-007 (bez)16.0 – 16.0.4-010 (bez)
  • Cisco Secure Email And Web Manager M170

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email And Web Manager M190

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email And Web Manager M195

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email And Web Manager M380

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email And Web Manager M390

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email And Web Manager M390x

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email And Web Manager M395

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email And Web Manager M680

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email And Web Manager M690

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email And Web Manager M690x

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email And Web Manager M695

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email And Web Manager Virtual Appliance M100v

    APP
    Cisco
    wszystkie wersje
  • Cisco Secure Email And Web Manager Virtual Appliance M300v

    APP
    Cisco
    wszystkie wersje
  • Cisco Secure Email And Web Manager Virtual Appliance M600v

    APP
    Cisco
    wszystkie wersje
  • Cisco Secure Email Gateway C195

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email Gateway C395

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email Gateway C695

    HW
    Cisco
    wszystkie wersje
  • Cisco Secure Email Gateway Virtual Appliance C100v

    APP
    Cisco
    wszystkie wersje
  • Cisco Secure Email Gateway Virtual Appliance C300v

    APP
    Cisco
    wszystkie wersje
  • Cisco Secure Email Gateway Virtual Appliance C600v

    APP
    Cisco
    wszystkie wersje

CISA KEV — detailsi

Vendori
Cisco
Producti
Multiple Products
Added to KEVi
December 17, 2025
Remediation deadline (US Federal)i
December 24, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 24 grudnia 2025
CWE
References

Related vulnerabilities

CVE-2024-20435HIGH8.8ten sam produkt

A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attac...

CVE-2022-20653HIGH7.5ten sam produkt

A vulnerability in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco...

CVE-2021-34741HIGH7.5ten sam produkt

A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance (...

CVE-2021-34698HIGH8.6ten sam produkt

A vulnerability in the proxy service of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an un...

CVE-2021-1566HIGH7.4ten sam produkt

A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for ...