CVE-2025-20393
Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability
In short
A flaw in Cisco's email security appliances allows an attacker to send a specially crafted web request and take complete control of the device, running any command as the administrator. This is critical because these devices protect entire organizations' email.
Technical detail
Insufficient HTTP request validation in the Spam Quarantine feature enables unauthenticated remote command execution with root privileges. An attacker sends a malicious HTTP request to the affected appliance; no authentication or special conditions are required. Successful exploitation grants complete system compromise.
Summary generated and translated by AI from the official description.
A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges.
This vulnerability is due to insufficient validation of HTTP requests by the Spam Quarantine feature. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
public PoCs found — 5
github.com/StasonJatham/cisco-sa-sma-attack-N9bf4 ★ 22
github.com/cyberleelawat/CVE-2025-20393 ★ 2
github.com/KingHacker353/CVE-2025-20393 ★ 0
github.com/redpack-kr/Blackash-CVE-2025-20393 ★ 0
github.com/cyberdudebivash/CYBERDUDEBIVASH-Cisco-AsyncOS-CVE-2025-20393-Scanner ★ 0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.