Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2025-20184

Disclosure Date: February 05, 2025 •

CVE-2025-20184 CVSS v3 Base Score: 6.5

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid administrator credentials.

This vulnerability is due to insufficient validation of XML configuration files by an affected device. An attacker could exploit this vulnerability by uploading a crafted XML configuration file. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.5 Medium

Impact Score:

5.2

Exploitability Score:

1.2

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

High

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

None

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Cisco Secure Email 14.0.0-698

Cisco Secure Email 13.5.1-277

Cisco Secure Email 13.0.0-392

Cisco Secure Email 14.2.0-620

Cisco Secure Email 13.0.5-007

Cisco Secure Email 13.5.4-038

Cisco Secure Email 14.2.1-020

Cisco Secure Email 14.3.0-032

Cisco Secure Email 15.0.0-104

Cisco Secure Email 15.0.1-030

Cisco Secure Email 15.5.0-048

Cisco Secure Email 15.5.1-055

Cisco Secure Email 15.5.2-018

Cisco Secure Email 15.0.3-002

Cisco Secure Email 15.5.3-022

Cisco Secure Web Appliance 11.8.0-453

Cisco Secure Web Appliance 12.5.3-002

Cisco Secure Web Appliance 12.0.3-007

Cisco Secure Web Appliance 12.0.3-005

Cisco Secure Web Appliance 14.1.0-032

Cisco Secure Web Appliance 14.1.0-047

Cisco Secure Web Appliance 14.1.0-041

Cisco Secure Web Appliance 12.0.4-002

Cisco Secure Web Appliance 14.0.2-012

Cisco Secure Web Appliance 11.8.0-414

Cisco Secure Web Appliance 12.0.1-268

Cisco Secure Web Appliance 11.8.1-023

Cisco Secure Web Appliance 11.8.3-021

Cisco Secure Web Appliance 11.8.3-018

Cisco Secure Web Appliance 12.5.1-011

Cisco Secure Web Appliance 11.8.4-004

Cisco Secure Web Appliance 12.5.2-007

Cisco Secure Web Appliance 12.5.2-011

Cisco Secure Web Appliance 14.5.0-498

Cisco Secure Web Appliance 12.5.4-005

Cisco Secure Web Appliance 12.5.4-011

Cisco Secure Web Appliance 12.0.5-011

Cisco Secure Web Appliance 14.0.3-014

Cisco Secure Web Appliance 12.5.5-004

Cisco Secure Web Appliance 12.5.5-005

Cisco Secure Web Appliance 12.5.5-008

Cisco Secure Web Appliance 14.0.4-005

Cisco Secure Web Appliance 14.5.1-008

Cisco Secure Web Appliance 14.5.1-016

Cisco Secure Web Appliance 15.0.0-355

Cisco Secure Web Appliance 15.0.0-322

Cisco Secure Web Appliance 12.5.6-008

Cisco Secure Web Appliance 15.1.0-287

Cisco Secure Web Appliance 14.5.2-011

Cisco Secure Web Appliance 15.2.0-116

Cisco Secure Web Appliance 14.0.5-007

Cisco Secure Web Appliance 15.2.0-164

Cisco Secure Web Appliance 14.5.1-510

Cisco Secure Web Appliance 12.0.2-012

Cisco Secure Web Appliance 12.0.2-004

Cisco Secure Web Appliance 14.5.1-607

Cisco Secure Web Appliance 14.5.3-033

Cisco Secure Web Appliance 15.0.1-004

Cisco Secure Web Appliance 15.2.1-011

Cisco Secure Web Appliance 14.5.0-673

Cisco Secure Web Appliance 14.5.0-537

Cisco Secure Web Appliance 12.0.1-334

Cisco Secure Web Appliance 14.0.1-503

Cisco Secure Web Appliance 14.0.1-053

Cisco Secure Web Appliance 11.8.0-429

Cisco Secure Web Appliance 14.0.1-040

Cisco Secure Web Appliance 14.0.1-014

Cisco Secure Web Appliance 12.5.1-043

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

Cisco

Products

References

Canonical

CVE-2025-20184 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20184)

Miscellaneous

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34

Rapid7

Unknown

CVE-2025-20184

Unknown

Unknown

None

High

Network

CVE-2025-20184

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2025-20184

Unknown

Unknown

None

High

Network

CVE-2025-20184

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification