Critical remote command execution vulnerability in Cisco Secure Email Gateway and Manager appliances with CVSS 10.0 score requiring no authentication or user interaction. CISA has added this to their KEV catalog due to active exploitation in the wild targeting these internet-facing email security appliances.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-12-17
Added to CISA KEV: 2025-12-17 0 DAY BETWEEN CVE AND KEV
This vulnerability degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially ...Read more
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.Read more
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-6554 Google Chromium V8 Type Confusion Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-48927 TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability.These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.