CVE-2025-20393

Published Dec 17, 2025

Last updated 6 days ago

Exploit known
CVSS critical 10.0
Cisco Secure Email Gateway

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-20393 is an improper input validation vulnerability that affects Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances. Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected appliance. Specifically, the vulnerability is triggered when the Spam Quarantine feature is exposed to the internet. Attackers have been observed exploiting this vulnerability in the wild to install backdoors (like AquaShell and AquaTunnel) and tools for log manipulation (like AquaPurge) and traffic proxying (Chisel). CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog.

Description: Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available.
Source: psirt@cisco.com
NVD status: Analyzed
Products: asyncos

Risk scores

CVSS 3.1

Type: Secondary
Base score: 10
Impact score: 6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

Known exploits

Data from CISA

Vulnerability name: Cisco Multiple Products Improper Input Validation Vulnerability
Exploit added on: Dec 17, 2025
Exploit action due: Dec 24, 2025
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@cisco.com
CWE-20

Social media

Hype score: Not currently trending

  1. 🚨 China-Linked UAT-9686 Exploits Cisco Email Security Zero-Day to Gain Root on AsyncOS Appliances Cisco disclosed active exploitation of a critical zero-day (CVE-2025-20393) impacting Cisco Secure Email Gateway and Secure Email and Web Manager, allowing attackers to execute

    @ThreatSynop | 23 Dec 2025 | 4 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  2. 🚨 Cisco Secure Email Gateway [—] Dec 23, 2025 Comprehensive Security Advisory on Active Zero-Day (CVE-2025-20393) Targeting Cisco Secure Email Gateway Checkout our Threat Intelligence Platform: https://t.co/QuwNtEgYh1 https://t.co/QuwNtEgYh1 #LLM https://t.co/NzBVkBoZUw

    @transilienceai | 23 Dec 2025 | 92 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  3. Cisco has patched an actively exploited zero-day vulnerability (CVE-2025-20393) in AsyncOS, which enables root-level command execution and carries a CVSS score of 10. https://t.co/IuW1PIay1b #ThreatProtection #VulnerabilityManagement #CyberSecurityAlerts https://t.co/pdhegj7xQO

    @qualys | 22 Dec 2025 | 44 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  4. 🚨 Cisco Zero-Day Alert: Email Gateways Under Active Attack Over 100 Cisco Secure Email devices are exposed to an actively exploited zero-day (CVE-2025-20393) with no patch yet available. 🔗 https://t.co/73C2jNPld6 #CVE202520393 #CiscoSecurity #ZeroDay #EmailSecurity http

    @VaultEdgeIT | 22 Dec 2025 | 105 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  5. Recent reports reveal a wide-ranging intrusion campaign that targeted Cisco's email security systems via the ZeroDay vulnerability CVE-2025-20393. The attack began last November and used tools

    @tech_roaq | 22 Dec 2025 | 79 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  6. New tool for detecting zero-day vulnerabilities in ➡️ Cisco Secure Email Gateway CVE-2025-20393 Python script Cisco Secure Email Gateway (SEG) and Secure Malware Analytics (SMA), Cisco Secure Email and Web Manager https://t.co/E0lWEh67ok… https://t.co/K0b

    @teamsixinvestig | 22 Dec 2025 | 35 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  7. Cisco's "limited subset" weasel words on CVE-2025-20393. Technically true, defender-wise? Bullshit. Panic or false security, your pick. Just publish the exposure criteria, geniuses. Or watch breaches light up your NOC. Why help when vagueness sells support contracts?

    @CisoRaging77913 | 22 Dec 2025 | 33 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  8. 🚨 Cisco Secure Email Gateway [—] Dec 22, 2025 Critical Security Advisory: Ongoing Zero-Day Exploitation (CVE-2025-20393) Impacting Cisco Secure Email Gateway – Exposure, Impact, and Mitigation Guidance Checkout our Threat Intelligence Platform:... https://t.co/HiVbkUArNL

    @transilienceai | 22 Dec 2025 | 89 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  9. 🚨 Cisco AsyncOS [—] Dec 22, 2025 Critical Zero-Day Vulnerability (CVE-2025-20393) Actively Exploited Against Cisco Secure Email Gateway and Web Manager — Current Exploitation and Urgent Mitigation Guidance. Checkout our Threat Intelligence Platform:... https://t.co/7LpRbvs

    @transilienceai | 22 Dec 2025 | 93 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  10. Critical RCE vulnerability in Cisco Secure Email products https://t.co/4LrnzAMGgm On December 17, 2025, Cisco disclosed the remote command execution vulnerability CVE-2025-20393 in Secure Email Gateway and Secure Email and Web Manager. This vulnerability "CWE-20

    @cloudsec_news | 21 Dec 2025 | 92 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  11. New tool for detecting zero-day vulnerabilities in ➡️ Cisco Secure Email Gateway CVE-2025-20393 Python script Cisco Secure Email Gateway (SEG) and Secure Malware Analytics (SMA), Cisco Secure Email and Web Manager https://t.co/iB0hAnSyG5 https://t.co/Mfrrs6

    @elhackernet | 21 Dec 2025 | 3355 Impressions | 6 Retweets | 38 Likes | 22 Bookmarks | 0 Replies | 0 Quotes

  12. Over 100 Cisco Secure Email devices are vulnerable to a critical zero-day flaw (CVE-2025-20393) actively exploited in the wild. Immediate action is required. https://t.co/Yk2XFu2nhU #Security #Vulnerability #Exploit #Network #Attack #Risk #Threat #Patch #Update #Breach https://t.

    @dailytechonx | 21 Dec 2025 | 4 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  13. How UAT-9686 Plants the 'AquaShell' Backdoor via Unpatched Cisco Zero-Day (CVE-2025-20393 Analysis) Read the full report on - https://t.co/WeYU3EjlSq https://t.co/6lpElLL2Tq

    @Iambivash007 | 21 Dec 2025 | 10 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  14. CISCO EMAIL ZERO-DAY: Critical CVSS 10.0 Vulnerability (CVE-2025-20393) Exploited by State Actors for Root Takeover Read the full report on - https://t.co/Uy0Ld6Fh1n https://t.co/xXyptIn7Hj

    @Iambivash007 | 21 Dec 2025 | 5 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  15. Actively Exploited Zero-Day (CVE-2025-20393) Targets Cisco Email Security Appliances https://t.co/Yq0HXygZHI #patchmanagement

    @eyalestrin | 21 Dec 2025 | 31 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  16. A critical zero-day vulnerability, tracked as CVE-2025-20393, is currently impacting Cisco Secure Email Gateway appliances.

    @RoryCrave | 21 Dec 2025 | 6 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  17. Cisco confirms zero-day CVE-2025-20393 in Secure Email appliances, exploited by China-linked actors using Aquashell backdoor. No patch yet, 100+ devices exposed. #ZeroDay https://t.co/i75LZ2m1UJ

    @threatcluster | 21 Dec 2025 | 109 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  18. 🚨 Alert: Chinese hackers exploit zero-day in Cisco (CVE-2025-20393). Hundreds of companies at risk, no patches yet. Temporary fix: format systems. Are you protected? #Ciberseguridad #Hacking #GadgetsTIMES https://t.co/gdzrxuirXx

    @GadgetsTimesRD | 21 Dec 2025 | 62 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  19. 🚨 Cisco Secure Email Gateway [—] Dec 21, 2025 Comprehensive security advisory for Cisco Secure Email Gateway detailing the active AsyncOS zero-day (CVE-2025-20393), its operational impact, exposure conditions, and multi-source mitigation and detection guidance. Checkout our.

    @transilienceai | 21 Dec 2025 | 53 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  20. 🚨 𝐁𝐫𝐢𝐞𝐟 𝐒𝐮𝐦𝐦𝐚𝐫𝐲: 🚨 Cisco warned of active attacks exploiting an unpatched, maximum-severity zero-day in Cisco AsyncOS (CVE-2025-20393, CVSS 10.0) affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Cisco said it b

    @ThreatSynop | 20 Dec 2025 | 66 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  21. Cisco Zero-Day CVE-2025-20393 Actively Exploited by China-Linked APT Root RCE in Secure Email Appliances — no patch yet. Primary mitigation: Block internet access to Spam Quarantine interfaces. Full details: https://t.co/DTPPmAzwjY #CyberSecurity #ZeroDay #Cisco #Infosec ht

    @ByteVanguardSec | 20 Dec 2025 | 2 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  22. We have identified 120 Cisco Secure Email Gateway/ Cisco Secure Email and Web Manager likely vulnerable to CVE-2025-20393 (over 650 fingerprinted exposed). CVE-2025-20393 is exploited in the wild, with no patch available. Follow Cisco recommendations at https://t.co/0mB8XKuXBO h

    @Shadowserver | 20 Dec 2025 | 1984 Impressions | 7 Retweets | 18 Likes | 4 Bookmarks | 1 Reply | 1 Quote

  23. 🟠 Cisco disclosed a critical zero-day vulnerability (CVE-2025-20393) in Secure Email Gateway and Secure Email and Web Manager, actively exploited by a China-linked group. #QintegraNews #ciberseguridad @securityaffairs https://t.co/kTjaRnvCB4

    @QintegraC | 20 Dec 2025 | 67 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  24. 🚨 Cisco Secure Email appliances (AsyncOS) under active attack (CVE-2025-20393). If Spam Quarantine is internet-reachable: restrict access NOW, review logs, and rebuild if compromise suspected. #InfoSec #ThreatHunting Source: https://t.co/m0e7NURsyg

    @SecureComputer0 | 20 Dec 2025 | 27 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  25. Cisco email security products are being targeted in a zero-day campaign. A flaw in Secure Email appliances (CVE-2025-20393) has been exploited by China-linked actors. CISA warns agencies to remediate by December 24. #Cisco #CyberSecurity #ZeroDay https://t.co/h5qDP9sAqn

    @ProgresiveRobot | 20 Dec 2025 | 66 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  26. 🛑 CVE-2025-20393 has a rating of 10.0 and no patch is available 🚨 Cisco confirmed active exploitation of an AsyncOS zero-day attack by a China-linked APT. 🔗 Details https://t.co/GzgSg0PQTR https://t.co/30yB3AndxS

    @ciberseguridadx | 20 Dec 2025 | 69 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  27. When you can’t see inside the appliance, you have to look at the network. CVE-2025-20393 is a critical RCE flaw affecting Cisco Secure Email Gateways and is now being actively exploited by the UAT-9686 actor. These attacks target trusted, often unmonitored edge appliances, htt

    @corelight_inc | 19 Dec 2025 | 131 Impressions | 0 Retweets | 1 Like | 0 Bookmarks | 0 Replies | 0 Quotes

  28. 🧵 Weekly Cyber Wrap-up: Dec 15 - Dec 19, 2025 🚨 BREAKING NEWS 1. Critical Cisco Zero-Day (CVE-2025-20393) • Severity: Critical (CVSS 10.0) ☠️ • Impact: A remote code execution flaw in Cisco AsyncOS (Email/Web Security) is being actively exploited by state-sponsored

    @revyCyber | 19 Dec 2025 | 106 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 1 Reply | 0 Quotes

  29. 🚨 Cisco AsyncOS Zero-Day Exploited by Chinese Hackers – CVE-2025-20393 (CVSS 10.0) Chinese APT UAT-9686 exploiting CVE-2025-20393 in Cisco email appliances—perfect-10 flaw enabling root RCE. What's nasty: "AquaShell" backdoor embedded in existing web server files, rece

    @the_c_protocol | 19 Dec 2025 | 55 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  30. 🚨 Attacks attempting exploitation of CVE-2025-20393 (Cisco Secure Email zero-day) are now attempting to drop AsyncOS-specific malware onto our honeypots 🍯 It is still unclear if the attacks are genuine - technical details of the vulnerability are not known to date https://

    @DefusedCyber | 19 Dec 2025 | 2523 Impressions | 7 Retweets | 33 Likes | 5 Bookmarks | 0 Replies | 1 Quote

  31. 🚨 New Tool Detects Cisco 0-Day Exploit in Secure Email Gateway! | Source: https://t.co/VZPKTxqhJB A lightweight Python script to help organizations quickly identify exposure to CVE-2025-20393, a critical zero-day vulnerability in Cisco Secure Email Gateway (SEG) and Secure ht

    @The_Cyber_News | 19 Dec 2025 | 2564 Impressions | 29 Retweets | 73 Likes | 11 Bookmarks | 0 Replies | 0 Quotes

  32. Chinese APT UAT-9686 is exploiting CVE-2025-20393 (CVSS 10.0) to fully compromise #Cisco Secure Email systems via exposed Spam Quarantine, deploying custom backdoors and tunnels. No patch available; rebuild required. https://t.co/sdWEbxyOMI

    @MeridianEU | 19 Dec 2025 | 80 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  33. Released an open-source tool for CVE-2025-20393 affecting Cisco Email Security Appliance. Includes Nuclei template + Python confirmation tool + HTML report. 🔗 https://t.co/0GQUHxo5a0 📖 https://t.co/HNyH9fF1ER #CyberSecurity #CVE #Cisco #InfoSec https://t.co/5vfBLXIJap

    @cyberleelawat | 19 Dec 2025 | 1 Impression | 0 Retweets | 1 Like | 0 Bookmarks | 0 Replies | 0 Quotes

  34. 🚨 #Cisco Zero-Day Vulnerability #CVE-2025-20393: China-Linked Threat Exploits Email Gateways + Video https://t.co/jmLNbSAl1Y

    @UndercodeNews | 19 Dec 2025 | 65 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  35. 🚨 Urgent!! Vulnerability in Cisco Secure Email risks system takeover, check urgently. ThaiCERT warns that real attacks have been observed, using the vulnerability

    @ThaiCERTByNCSA | 19 Dec 2025 | 67 Impressions | 1 Retweet | 1 Like | 0 Bookmarks | 0 Replies | 0 Quotes

  36. China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager: Cisco disclosed a critical zero-day (CVE-2025-20393) in Secure Email Gateway and Secure Email and Web Manager, actively exploited by a China-linked group.… https://t.co/WlzUtEuoY

    @shah_sheikh | 19 Dec 2025 | 74 Impressions | 1 Retweet | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  37. ⚠️A tool has been released for automating the discovery of CVE-2025-20393 targets (Cisco Secure Email zero-day) We are seeing it chained with POST requests to implant C2 servers 🍯 This is likely not the genuine vulnerable path - technical details of the vulnerability ar

    @DefusedCyber | 19 Dec 2025 | 6906 Impressions | 11 Retweets | 55 Likes | 23 Bookmarks | 2 Replies | 1 Quote

  38. 🚨Zero-day Alert‼️ Cisco Alerts on Critical 10.0 CVSS AsyncOS Zero Day Actively Exploited by China Linked APT, No Patch Available Cisco disclosed an actively exploited zero day in AsyncOS, tracked as CVE-2025-20393 (CVSS 10.0), allowing unauthenticated remote code executi

    @H4ckmanac | 19 Dec 2025 | 5506 Impressions | 15 Retweets | 29 Likes | 8 Bookmarks | 0 Replies | 0 Quotes

  39. An intrusion campaign targeted email security systems at @Cisco via a zero-day vulnerability (CVE-2025-20393), led by a group suspected of links to cyber groups active in China. It enabled the

    @cyberscastx | 19 Dec 2025 | 429 Impressions | 0 Retweets | 2 Likes | 0 Bookmarks | 2 Replies | 0 Quotes

  40. I see these posts that link back to these exploits almost every day on Facebook.. People don't see them, they scroll on past But I guess no more as y'all had to hack me out of my shit.. In December 2025, Cisco disclosed a critical zero-day vulnerability (CVE-2025-20393) with a

    @Girlscout05 | 19 Dec 2025 | 102 Impressions | 0 Retweets | 1 Like | 0 Bookmarks | 0 Replies | 0 Quotes

  41. 🚨 Cisco Secure Email Gateway [—] Dec 19, 2025 Critical Security Advisory: Active Exploitation of Zero-Day Vulnerability in Cisco Secure Email Gateway (CVE-2025-20393) Checkout our Threat Intelligence Platform: https://t.co/QuwNtEhw6z... https://t.co/WhhncOnoea

    @transilienceai | 19 Dec 2025 | 4 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  42. 🚨 AquaShell Threat Intelligence Report [High] Dec 19, 2025 This report details the AquaShell threat, a custom persistence mechanism used by the Chinese-nexus APT actor UAT-9686. The actor is exploiting a zero-day vulnerability, CVE-2025-20393, in Cisco AsyncOS Software for...

    @transilienceai | 19 Dec 2025 | 91 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  43. #threatreport #LowCompleteness CVE-2025-20393: Cisco AsyncOS Zero-Day Impacts Secure Email Appliances | 18-12-2025 Source: https://t.co/EkMMEyj75j Key details below ↓ 🧑‍💻Actors/Campaigns: Uat-9686 Winnti Unc5174 💀Threats: Aquashell, Aquatunnel_tool, Chisel_tool, ht

    @rst_cloud | 18 Dec 2025 | 20 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 1 Reply | 0 Quotes

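  44. Regarding CVE-2025-20393, the vulnerability in the spam quarantine feature of Cisco products, a note was added to the remarks field of the required action from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) stating that affected devices should also be checked for signs of compromise. https:/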

    @__kokumoto | 18 Dec 2025 | 896 Impressions | 0 Retweets | 3 Likes | 3 Bookmarks | 0 Replies | 0 Quotes

  45. The #Cisco Email vulnerability (CVE-2025-20393) underscores the rising risks posed by zero-day exploits targeting critical infrastructure. This vulnerability, rated CVSS 10.0, allows unauthenticated attackers to execute root-level commands and effectively compromise systems. http

    @Nightwing_usa | 18 Dec 2025 | 120 Impressions | 0 Retweets | 1 Like | 0 Bookmarks | 0 Replies | 0 Quotes

  46. 🚨 CVE-2025-20393: Script to detect for Cisco Secure Email Gateway And Cisco Secure Email and Web Manager CVSS: 10 Currently no patch and zero-day GitHub: https://t.co/eqqkiHjVBN https://t.co/65kQajucKw

    @DarkWebInformer | 18 Dec 2025 | 12858 Impressions | 17 Retweets | 96 Likes | 50 Bookmarks | 1 Reply | 1 Quote

  47. Cisco identifies active exploitation of zero-day flaw CVE-2025-20393 in AsyncOS software. Immediate action required to secure affected email security appliances. Link: https://t.co/TUqlZPMqsz #Security #Exploit #Vulnerability #Technology #Software #Email #Flaw #Mitigation #Alert

    @dailytechonx | 18 Dec 2025 | 5 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  48. 🔴 Cisco AsyncOS Zero-Day: No Patch Since Late November CVE-2025-20393 has been hammered by Chinese APT UAT-9686 since at least late November—and Cisco still hasn't shipped a fix. What's nasty: unauthenticated remote attackers execute arbitrary commands with root privileg

    @the_c_protocol | 18 Dec 2025 | 33 Impressions | 0 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  49. Cisco warns of active attacks exploiting an unpatched zero-day vulnerability (CVE-2025-20393) affecting email security appliances running AsyncOS https://t.co/q3BPw0a7Iq

    @cert_ist | 18 Dec 2025 | 212 Impressions | 2 Retweets | 0 Likes | 0 Bookmarks | 0 Replies | 0 Quotes

  50. 🚨 CVE-2025-20393 is a critical vulnerability, with a CVSS score of 10.0 (maximum score), in the AsyncOS component used by Cisco products for email security. ⚠️ The affected products are Cisco Secure Email Gateway (SEG) and Cisco Secure Email and Web Manag

    @DNSC_RO | 18 Dec 2025 | 159 Impressions | 1 Retweet | 1 Like | 0 Bookmarks | 1 Reply | 0 Quotes

Configurations