🔴 CVE-2025-20393

Critical remote command execution vulnerability in Cisco Secure Email Gateway and Manager appliances with CVSS 10.0 score requiring no authentication or user interaction. CISA has added this to their KEV catalog due to active exploitation in the wild targeting these internet-facing email security appliances.

← Back to Overview
HIGH_RISK
Risk Level
10.0
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 — Exploit Public-Facing Application
ATT&CK Technique
VERY_HIGH
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-12-17

Added to CISA KEV: 2025-12-17 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-12-17)

Based on the search results, here's what is known about the CVE-2025-20393 vulnerability exploitation:

  • CISA KEV Status: CISA has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation [2][3].
  • Active Exploitation: CISA added CVE-2025-20393 to the KEV catalog due to evidence of active exploitation [2].
  • Internet-Facing Applications: One source mentions that a vulnerability degrades security for public exposed endpoints and may offer arbitrary local file inclusion [1].
  • Attack Vectors: Frequent attack vectors for malicious cyber actors pose significant risks [3][4].
The provided search results do not offer specific details regarding:
  • Whether CVE-2025-20393 specifically affects internet-facing applications or services.
  • Specific attack vectors and exploitation methods for CVE-2025-20393.
  • Whether CVE-2025-20393 has been used in targeted attacks.
  • Technical details about internet exploitability for CVE-2025-20393.

Sources

  1. Known Exploited Vulnerabilities Catalog - CISA

    This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially ...Read more…

  2. CISA Adds One Known Exploited Vulnerability to Catalog

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.Read more…

  3. CISA Adds One Known Exploited Vulnerability to Catalog | CISA

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-6554 Google Chromium V8 Type Confusion Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significa…

  4. CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA

    CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-48927 TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability.These types of vulnerabilities are frequent attack vectors for…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed