CVE-2025-20393 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cisco	CNA	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 91%

Vendor	Product	Version
cisco	asyncos	𝑥 ≤ 16.0.3-044

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Vulnerability Media Exposure

[ENGLISH] Attacks pummeling Cisco AsyncOS 0-day since late November
No timeline for a patch Suspected Chinese-government-linked threat actors have been battering a maximum-severity Cisco AsyncOS zero-day vulnerability in some Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances for nearly a month, and there's no timeline for a fix.…
Published: 2025-12-17T22:51:46+00:00
[ENGLISH] Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances
Cisco has alerted users to a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686 in attacks targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The networking equipment major said it became aware of the intrusion campaign on December 10, 2025, and that it
Published: 2025-12-18T09:40:00+05:30
[GERMAN] Angriffe auf Zero-Day-Lücken: Cisco, Sonicwall und Asus Live Update
Die CISA warnt vor beobachteten Angriffen auf Cisco-, Sonicwall- und Asus-Sicherheitslücken. Updates sind teils verfügbar.
Published: 2025-12-18T06:47:00+00:00
[GERMAN] Backdoors eingeschleust: Chinesische Hacker kapern seit Wochen Cisco-Systeme
Angreifer aus China schleusen über eine Zero-Day-Lücke in Cisco AsyncOS Malware auf anfällige Appliances. Ein Patch ist noch nicht in Sicht. ( Sicherheitslücke , Cisco )
Published: 2025-12-18T09:05:10+01:00
[GERMAN] Cisco AsyncOS für Secure Email Gateway: Schwachstelle ermöglicht Ausführen von beliebigem Programmcode mit Administratorrechten
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Cisco AsyncOS und Cisco Secure Email Gateway ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen.
Published: 2025-12-17T23:00:00+00:00
[ENGLISH] ⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches. The real danger now isn’t just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can
Published: 2025-12-22T17:30:00+05:30

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20393