Input validation error in Secure Email Gateway and Cisco Secure Email and Web Manager - CVE-2025-20393
Published: December 17, 2025 / Updated: January 16, 2026
Vulnerability identifier: #VU120181
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2025-20393
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Cisco Systems, Inc
Affected software:
Secure Email Gateway
Cisco Secure Email and Web Manager
Secure Email Gateway
Cisco Secure Email and Web Manager
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote non-authenticated attacker can send specially crafted packets to the device and execute arbitrary code with root privileges.
Note, the vulnerability is being actively exploited in the wild.
How to mitigate CVE-2025-20393
Install update from vendor's website.