CVE-2025-20393

Dec. 18, 2025, 3:41 p.m.

10.0
Critical

Description

Cisco is aware of a potential vulnerability.  Cisco is currently investigating and will update these details as appropriate as more information becomes available.

Product(s) Impacted

Vendor Product Versions
Cisco
  • Asyncos
  • Secure Email And Web Manager Virtual Appliance M100v
  • Secure Email And Web Manager Virtual Appliance M300v
  • Secure Email And Web Manager Virtual Appliance M600v
  • Secure Email Gateway Virtual Appliance C100v
  • Secure Email Gateway Virtual Appliance C300v
  • Secure Email Gateway Virtual Appliance C600v
  • Secure Email And Web Manager M170
  • Secure Email And Web Manager M190
  • Secure Email And Web Manager M195
  • Secure Email And Web Manager M380
  • Secure Email And Web Manager M390
  • Secure Email And Web Manager M390x
  • Secure Email And Web Manager M395
  • Secure Email And Web Manager M680
  • Secure Email And Web Manager M690
  • Secure Email And Web Manager M690x
  • Secure Email And Web Manager M695
  • Secure Email Gateway C195
  • Secure Email Gateway C395
  • Secure Email Gateway C695
  • *
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o cisco asyncos / / / / / / / /
a cisco secure_email_and_web_manager_virtual_appliance_m100v - / / / / / / /
a cisco secure_email_and_web_manager_virtual_appliance_m300v - / / / / / / /
a cisco secure_email_and_web_manager_virtual_appliance_m600v - / / / / / / /
a cisco secure_email_gateway_virtual_appliance_c100v - / / / / / / /
a cisco secure_email_gateway_virtual_appliance_c300v - / / / / / / /
a cisco secure_email_gateway_virtual_appliance_c600v - / / / / / / /
h cisco secure_email_and_web_manager_m170 - / / / / / / /
h cisco secure_email_and_web_manager_m190 - / / / / / / /
h cisco secure_email_and_web_manager_m195 - / / / / / / /
h cisco secure_email_and_web_manager_m380 - / / / / / / /
h cisco secure_email_and_web_manager_m390 - / / / / / / /
h cisco secure_email_and_web_manager_m390x - / / / / / / /
h cisco secure_email_and_web_manager_m395 - / / / / / / /
h cisco secure_email_and_web_manager_m680 - / / / / / / /
h cisco secure_email_and_web_manager_m690 - / / / / / / /
h cisco secure_email_and_web_manager_m690x - / / / / / / /
h cisco secure_email_and_web_manager_m695 - / / / / / / /
h cisco secure_email_gateway_c195 - / / / / / / /
h cisco secure_email_gateway_c395 - / / / / / / /
h cisco secure_email_gateway_c695 - / / / / / / /

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20393

Tags

psirt@cisco.com
2025-12-17
CVE-2025-20393

CVSS Score

10.0 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

    View Vector String

Timeline

Published: Dec. 17, 2025, 5:15 p.m.
Last Modified: Dec. 18, 2025, 3:41 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

psirt@cisco.com

Relations

Here is the list of observables linked to the vulnerability CVE-2025-20393 using threat intelligence.

  • Multiple Products
  • Multiple Products

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.