CVE-2025-20393 - Vulnerability Details

CVE-2025-20393 - Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability

Cisco is aware of a potential vulnerability.  Cisco is currently investigating and will update these details as appropriate as more information becomes available.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since yesterday.

The EPSS score is 0.04033.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Cisco	Asyncos Secure Email Secure Email And Web Manager Secure Email And Web Manager M170 Secure Email And Web Manager M190 Secure Email And Web Manager M195 Secure Email And Web Manager M380 Secure Email And Web Manager M390 Secure Email And Web Manager M390x Secure Email And Web Manager M395 Secure Email And Web Manager M680 Secure Email And Web Manager M690 Secure Email And Web Manager M690x Secure Email And Web Manager M695 Secure Email And Web Manager Virtual Appliance M100v Secure Email And Web Manager Virtual Appliance M300v Secure Email And Web Manager Virtual Appliance M600v Secure Email Gateway Secure Email Gateway C195 Secure Email Gateway C395 Secure Email Gateway C695 Secure Email Gateway Virtual Appliance C100v Secure Email Gateway Virtual Appliance C300v Secure Email Gateway Virtual Appliance C600v

Configuration 1 [-]

AND

cpe:2.3:o:cisco:asyncos:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m100v:-:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m300v:-:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m600v:-:::::::*
	cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c100v:-:::::::*
	cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c300v:-:::::::*
	cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c600v:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:::::::*
	cpe:2.3:h:cisco:secure_email_gateway_c195:-:::::::*
	cpe:2.3:h:cisco:secure_email_gateway_c395:-:::::::*
	cpe:2.3:h:cisco:secure_email_gateway_c695:-:::::::*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Cisco	Secure Email Secure Email And Web Manager Secure Email Gateway

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20393

History

Thu, 18 Dec 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco asyncos Cisco secure Email And Web Manager M170 Cisco secure Email And Web Manager M190 Cisco secure Email And Web Manager M195 Cisco secure Email And Web Manager M380 Cisco secure Email And Web Manager M390 Cisco secure Email And Web Manager M390x Cisco secure Email And Web Manager M395 Cisco secure Email And Web Manager M680 Cisco secure Email And Web Manager M690 Cisco secure Email And Web Manager M690x Cisco secure Email And Web Manager M695 Cisco secure Email And Web Manager Virtual Appliance M100v Cisco secure Email And Web Manager Virtual Appliance M300v Cisco secure Email And Web Manager Virtual Appliance M600v Cisco secure Email Gateway C195 Cisco secure Email Gateway C395 Cisco secure Email Gateway C695 Cisco secure Email Gateway Virtual Appliance C100v Cisco secure Email Gateway Virtual Appliance C300v Cisco secure Email Gateway Virtual Appliance C600v
CPEs		cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m100v:-:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m300v:-:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m600v:-:::::::* cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c100v:-:::::::* cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c300v:-:::::::* cpe:2.3:a:cisco:secure_email_gateway_virtual_appliance_c600v:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:::::::* cpe:2.3:h:cisco:secure_email_gateway_c195:-:::::::* cpe:2.3:h:cisco:secure_email_gateway_c395:-:::::::* cpe:2.3:h:cisco:secure_email_gateway_c695:-:::::::* cpe:2.3:o:cisco:asyncos::::::::
Vendors & Products		Cisco asyncos Cisco secure Email And Web Manager M170 Cisco secure Email And Web Manager M190 Cisco secure Email And Web Manager M195 Cisco secure Email And Web Manager M380 Cisco secure Email And Web Manager M390 Cisco secure Email And Web Manager M390x Cisco secure Email And Web Manager M395 Cisco secure Email And Web Manager M680 Cisco secure Email And Web Manager M690 Cisco secure Email And Web Manager M690x Cisco secure Email And Web Manager M695 Cisco secure Email And Web Manager Virtual Appliance M100v Cisco secure Email And Web Manager Virtual Appliance M300v Cisco secure Email And Web Manager Virtual Appliance M600v Cisco secure Email Gateway C195 Cisco secure Email Gateway C395 Cisco secure Email Gateway C695 Cisco secure Email Gateway Virtual Appliance C100v Cisco secure Email Gateway Virtual Appliance C300v Cisco secure Email Gateway Virtual Appliance C600v

Wed, 17 Dec 2025 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco secure Email Cisco secure Email And Web Manager Cisco secure Email Gateway
Vendors & Products		Cisco Cisco secure Email Cisco secure Email And Web Manager Cisco secure Email Gateway

Wed, 17 Dec 2025 21:15:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20393
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 17 Dec 2025 21:00:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2025-12-17T00:00:00+00:00', 'dueDate': '2025-12-24T00:00:00+00:00'}`

Wed, 17 Dec 2025 17:00:00 +0000

Type	Values Removed	Values Added
Description		Cisco is aware of a potential vulnerability.  Cisco is currently investigating and will update these details as appropriate as more information becomes available.
Title		Cisco Secure Email Gateway and Cisco Secure Email and Web Manager Remote Command Execution Vulnerability
Weaknesses		CWE-20
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
Metrics		cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2025-12-17T16:47:13.128Z

Updated: 2025-12-18T04:55:21.334Z

Reserved: 2024-10-10T19:15:13.266Z

Link: CVE-2025-20393

Vulnrichment

Updated: 2025-12-17T17:01:24.075Z

NVD

Status : Analyzed

Published: 2025-12-17T17:15:48.523

Modified: 2025-12-18T15:41:16.840

Link: CVE-2025-20393

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-12-17T21:18:42Z

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object