
[CIVN-2025-0375] Remote Code Execution Vulnerability in Cisco AsyncOS Software
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Systems Affected
Cisco Secure Email Gateway (SEG) (Physical and Virtual appliances)
Cisco Secure Email and Web Manager (SEWM) (Physical and Virtual appliances)
Overview
A vulnerability has been reported in Cisco AsyncOS Software which could allow a remote attacker to execute arbitrary code on the targeted system.
Target Audience:
IT administrators, Enterprise Security Teams, SOC/IR Teams, and organizations using Cisco Secure Email Gateway or Secure Email and Web Manager appliances.
Risk Assessment:
Critical risk of data manipulation and service disruption.
Impact Assessment:
Confidentiality, Integrity and Availability of System.
Description
Cisco AsyncOS Software is a purpose-built operating system that powers Cisco Secure Email Gateway and Secure Email and Web Manager appliances, providing email security, threat detection, and centralized policy management.
This vulnerability exists in Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager due to Improper Input Validation. A remote attacker could exploit this vulnerability by sending crafted network requests to affected services, allowing execution of arbitrary commands with root privileges, without authentication or user interaction.
Successful exploitation may grant an attacker complete control over the affected appliance.
Note: This vulnerability is being exploited in the wild.
Workaround
Cisco has indicated that no complete workaround or patch is currently available. As interim risk reduction measures, organizations are advised to:
Restrict or disable external access to the web management interface
Disable or restrict access to the Spam Quarantine service if not required
Disable HTTP access to administrative interfaces where feasible
Monitor web and system logs for unusual activity, including unauthorized HTTP POST requests
If compromise is suspected, isolate and rebuild the affected appliance from a trusted source
Apply vendor-provided updates immediately once released.
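The log-monitoring measure above can be run as a simple triage pass. The following is an added example, not code from CERT-In or Cisco: it flags HTTP POST requests that reach the management interface from outside the permitted management networks. The Apache-style log format, the ADMIN_NETS value, the sample lines and the /example/... paths are assumptions and must be adapted to the appliance's real logs.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: networks that are allowed to reach the management interface.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# Assumption: Apache-style access log lines; adapt to the real log format.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = """\
10.20.0.15 - admin [17/Dec/2025:09:01:12 +0000] "POST /example/login HTTP/1.1" 302 0
203.0.113.44 - - [17/Dec/2025:09:03:40 +0000] "GET /example/login HTTP/1.1" 200 5120
203.0.113.44 - - [17/Dec/2025:09:03:41 +0000] "POST /example/endpoint HTTP/1.1" 200 87
203.0.113.44 - - [17/Dec/2025:09:03:45 +0000] "POST /example/endpoint HTTP/1.1" 500 0
198.51.100.7 - - [17/Dec/2025:10:15:02 +0000] "POST /example/endpoint HTTP/1.1" 403 211
not a log line
""".splitlines()


def is_admin_source(src):
    """True only if src parses as an IP inside one of ADMIN_NETS."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage are treated as untrusted
    return any(ip in net for net in ADMIN_NETS)


def unauthorized_posts(lines):
    """Group POSTs from outside ADMIN_NETS by source, noting accepted ones."""
    report = defaultdict(lambda: {"count": 0, "accepted": [], "first_seen": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or is_admin_source(m["src"]):
            continue
        entry = report[m["src"]]
        entry["count"] += 1
        entry["first_seen"] = entry["first_seen"] or m["ts"]
        if int(m["status"]) < 400:  # server processed the request
            entry["accepted"].append((m["ts"], m["path"]))
    return dict(report)


if __name__ == "__main__":
    for src, e in unauthorized_posts(SAMPLE_LOG).items():
        flag = "REVIEW FIRST" if e["accepted"] else "blocked/failed"
        print(f"{src}: {e['count']} POST(s), first {e['first_seen']} [{flag}]")
```

Sources with an accepted POST are the ones to review first; any source listed at all shows that the management interface is reachable from outside the intended networks.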
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4
https://www.cisa.gov/news-events/alerts/2025/12/17/cisa-adds-three-known-exploited-vulnerabilities-catalog
https://www.hkcert.org/security-bulletin/cisco-asyncos-remote-code-execution-vulnerability_20251218
CVE Name
CVE-2025-20393
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


