By Guru Baran
Publication Date: 2026-01-16 10:15:00
Cisco has confirmed active exploitation of a critical zero-day remote code execution vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances.
Tracked as CVE-2025-20393, the flaw allows unauthenticated attackers to execute arbitrary root-level commands via crafted HTTP requests to the Spam Quarantine feature.
The vulnerability stems from insufficient validation of HTTP requests in the Spam Quarantine feature of Cisco AsyncOS Software, enabling remote command execution with root privileges on affected appliances.
Classified under CWE-20 (Improper Input Validation), it scores a maximum CVSSv3.1 base of 10.0, highlighting its network accessibility, low complexity, and full impact on confidentiality, integrity, and availability.
Exploitation targets appliances where Spam Quarantine is enabled and exposed to the internet, typically on port 6025, a configuration not enabled by default and discouraged in deployment…
