#VU120181 Input validation error in Secure Email Gateway and Cisco Secure Email and Web Manager - CVE-2025-20393
Published: December 17, 2025 / Updated: January 16, 2026
Vulnerability identifier: #VU120181
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2025-20393
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vulnerable software:
Secure Email Gateway
Cisco Secure Email and Web Manager
Secure Email Gateway
Cisco Secure Email and Web Manager
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote non-authenticated attacker can send specially crafted packets to the device and execute arbitrary code with root privileges.
Note, the vulnerability is being actively exploited in the wild.
Remediation
Install update from vendor's website.