2025-042: Critical Vulnerability in Cisco Secure Email and Web Manager
ID: fc251751-5fd2-5d69-a896-333f9e7cacdd
STIX ID: report--fc251751-5fd2-5d69-a896-333f9e7cacdd
Feed Name: CERT-EU Security Advisories
Threat Score
On December 17, 2025 Cisco published an advisory for CVE-2025-20393 — a critical (CVSS 10) vulnerability allowing remote arbitrary command execution as root on Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances when the Spam Quarantine feature is enabled and internet-accessible; no patch was available at release and Cisco recommends checking for compromise, restricting access, restoring secure configurations, and opening TAC cases.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.