
CVE-2025-20393

Warning
Media report
Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available.
Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: Cisco
Product: Cisco Secure Email
Default status: unknown

Version        Status
14.0.0-698     affected
13.5.1-277     affected
13.0.0-392     affected
14.2.0-620     affected
13.0.5-007     affected
13.5.4-038     affected
14.2.1-020     affected
14.3.0-032     affected
15.0.0-104     affected
15.0.1-030     affected
15.5.0-048     affected
15.5.1-055     affected
15.5.2-018     affected
16.0.0-050     affected
15.0.3-002     affected
16.0.0-054     affected
15.5.3-022     affected
16.0.1-017     affected

Vendor: Cisco
Product: Cisco Secure Email and Web Manager
Default status: unknown

Version        Status
13.6.2-023     affected
13.6.2-078     affected
13.0.0-249     affected
13.0.0-277     affected
13.8.1-052     affected
13.8.1-068     affected
13.8.1-074     affected
14.0.0-404     affected
12.8.1-002     affected
14.1.0-227     affected
13.6.1-201     affected
14.2.0-203     affected
14.2.0-212     affected
12.8.1-021     affected
13.8.1-108     affected
14.2.0-224     affected
14.3.0-120     affected
15.0.0-334     affected
15.5.1-024     affected
15.5.1-029     affected
15.5.2-005     affected
16.0.0-195     affected
15.5.3-017     affected
16.0.1-010     affected
15.0.1-035     affected
16.0.2-088     affected

17.12.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Vulnerability: Cisco Multiple Products Improper Input Validation Vulnerability

Description: Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contain an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance.

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVSS metrics

Source            Base Score   Exploit Score   Impact Score   Vector String
psirt@cisco.com   10           3.9             6              CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.