Cisco Product Security Update Advisory (CVE-2025-20393)

Dec 23 2025

Overview

Cisco has released security updates that address vulnerabilities in Cisco products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-20393

Versions of Cisco Secure Email Gateway, Cisco Secure Email, AsyncOS Software, and Web Manager appliances: all versions with spam quarantine enabled and exposed to the Internet

Resolved Vulnerabilities

Arbitrary command execution vulnerability due to lack of input validation in Cisco products (CVE-2025-20393)

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2025-20393

Cisco Secure Email Gateway, Cisco Secure Email and Web Manager appliances versions: Updated with Referenced Sites documentation [1]

Referenced Sites

[1] Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N..
[2] UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager
https://blog.talosintelligence.com/uat-9686/

Cisco Product Security Update Advisory (CVE-2025-20393)

Google Chrome Browser (143.0.7499.146/.147) Security Update Advisory

Apache Commons Text Security Update Advisory (CVE-2025-46295)

Tags:

Google Chrome Browser (143.0.7499.146/.147) Security Update Advisory

Apache Commons Text Security Update Advisory (CVE-2025-46295)