[CIVN-2025-0374] Remote Code Execution Vulnerability in Cisco AsyncOS Software

Published On: December 18, 2025

Remote Code Execution Vulnerability in Cisco AsyncOS Software 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Systems Affected
Cisco Secure Email Gateway (SEG) (Physical and Virtual appliances)
Cisco Secure Email and Web Manager (SEWM) (Physical and Virtual appliances)
Overview
A vulnerability has been reported in Cisco AsyncOS Software which could allow a remote attacker to execute arbitrary code on the targeted system.
Target Audience:
IT administrators, Enterprise Security Teams, SOC/IR Teams, and organizations using Cisco Secure Email Gateway or Secure Email and Web Manager appliances.
Risk Assessment:
Critical risk of data manipulation and service disruption.
Impact Assessment:
Confidentiality, Integrity and Availability of System.
Description
Cisco AsyncOS Software is a purpose-built operating system that powers Cisco Secure Email Gateway and Secure Email and Web Manager appliances, providing email security, threat detection, and centralized policy management.
This vulnerability exists in Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager due to Improper Input Validation. A remote attacker could exploit this vulnerability by sending crafted network requests to affected services, allowing execution of arbitrary commands with root privileges, without authentication or user interaction.
Successful exploitation may grant an attacker complete control over the affected appliance.
Note: This vulnerability is being exploited in the wild.
Workaround
Cisco has indicated that no complete workaround or patch is currently available. As interim risk reduction measures, organizations are advised to:
Restrict or disable external access to the web management interface
Disable or restrict access to the Spam Quarantine service if not required
Disable HTTP access to administrative interfaces where feasible
Monitor web and system logs for unusual activity, including unauthorized HTTP POST requests
If compromise is suspected, isolate and rebuild the affected appliance from a trusted source
Apply vendor-provided updates immediately once released.
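
One way to act on the log-monitoring item above, as an added example that is not part of the CERT-In advisory or Cisco's guidance: a Python script that flags HTTP POST requests arriving from outside the expected administrator networks and counts lines it could not parse. The Common Log Format layout, the admin network, and the sample lines and paths are assumptions constructed for illustration; substitute the appliance's actual log format and your own management ranges.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: Common Log Format style lines; adapt the regex to the real log export.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: networks from which administrators are expected to reach the interface.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample lines (documentation address ranges, placeholder paths).
SAMPLE_LOG = """\
10.20.0.15 - admin [18/Dec/2025:09:01:12 +0530] "POST /login HTTP/1.1" 200 512
203.0.113.7 - - [18/Dec/2025:09:03:40 +0530] "POST /example/endpoint HTTP/1.1" 200 87
203.0.113.7 - - [18/Dec/2025:09:03:41 +0530] "POST /example/endpoint HTTP/1.1" 500 0
198.51.100.9 - - [18/Dec/2025:09:05:02 +0530] "GET / HTTP/1.1" 200 1024
truncated line without a request
"""

def is_admin_source(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # hostnames or garbage are treated as untrusted
    return any(ip in net for net in ADMIN_NETS)

def find_unexpected_posts(log_text):
    """Return ({source: [(timestamp, path, status), ...]}, unparsed_line_count)."""
    hits, unparsed = defaultdict(list), 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            unparsed += 1  # keep count so parsing gaps stay visible
            continue
        if m["method"] == "POST" and not is_admin_source(m["src"]):
            hits[m["src"]].append((m["ts"], m["path"], int(m["status"])))
    return dict(hits), unparsed

if __name__ == "__main__":
    hits, unparsed = find_unexpected_posts(SAMPLE_LOG)
    for src, events in sorted(hits.items()):
        print(f"{src}: {len(events)} POST request(s) from outside admin networks")
        for ts, path, status in events:
            print(f"  {ts} {path} -> {status}")
    print(f"unparsed lines: {unparsed}")
```

A non-zero unparsed count means the regex does not match the log format in use, so an empty result cannot be read as "no unexpected POST requests".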
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
References
 
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
https://www.cisa.gov/news-events/alerts/2025/12/17/cisa-adds-three-known-exploited-vulnerabilities-catalog
https://www.hkcert.org/security-bulletin/cisco-asyncos-remote-code-execution-vulnerability_20251218
CVE Name
CVE-2025-20393
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003