CVE-2025-20185 - Vulnerability Details

CVE-2025-20185 - Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Privilege Escalation Vulnerability

A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Asyncos Secure Email And Web Manager M170 Secure Email And Web Manager M190 Secure Email And Web Manager M195 Secure Email And Web Manager M380 Secure Email And Web Manager M390 Secure Email And Web Manager M390x Secure Email And Web Manager M395 Secure Email And Web Manager M680 Secure Email And Web Manager M690 Secure Email And Web Manager M690x Secure Email And Web Manager M695 Secure Email And Web Manager Virtual Appliance M100v Secure Email And Web Manager Virtual Appliance M300v Secure Email And Web Manager Virtual Appliance M600v

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:asyncos:13.0.0-392:::::::*
	cpe:2.3:o:cisco:asyncos:13.0.5-007:::::::*
	cpe:2.3:o:cisco:asyncos:13.5.1-277:::::::*
	cpe:2.3:o:cisco:asyncos:13.5.4-038:::::::*
	cpe:2.3:o:cisco:asyncos:14.0.0-698:::::::*
	cpe:2.3:o:cisco:asyncos:14.2.0-620:::::::*
	cpe:2.3:o:cisco:asyncos:14.2.1-020:::::::*
	cpe:2.3:o:cisco:asyncos:14.3.0-032:::::::*
	cpe:2.3:o:cisco:asyncos:15.0.0-104:::::::*
	cpe:2.3:o:cisco:asyncos:15.0.1-030:::::::*
	cpe:2.3:o:cisco:asyncos:15.0.3-002:::::::*
	cpe:2.3:o:cisco:asyncos:15.5.0-048:::::::*
	cpe:2.3:o:cisco:asyncos:15.5.1-055:::::::*
	cpe:2.3:o:cisco:asyncos:15.5.2-018:::::::*

OR	cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m100v:-:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m300v:-:::::::*
	cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m600v:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:::::::*
	cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:::::::*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34

History

Wed, 06 Aug 2025 17:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco asyncos Cisco secure Email And Web Manager M170 Cisco secure Email And Web Manager M190 Cisco secure Email And Web Manager M195 Cisco secure Email And Web Manager M380 Cisco secure Email And Web Manager M390 Cisco secure Email And Web Manager M390x Cisco secure Email And Web Manager M395 Cisco secure Email And Web Manager M680 Cisco secure Email And Web Manager M690 Cisco secure Email And Web Manager M690x Cisco secure Email And Web Manager M695 Cisco secure Email And Web Manager Virtual Appliance M100v Cisco secure Email And Web Manager Virtual Appliance M300v Cisco secure Email And Web Manager Virtual Appliance M600v
CPEs		cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m100v:-:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m300v:-:::::::* cpe:2.3:a:cisco:secure_email_and_web_manager_virtual_appliance_m600v:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m170:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m190:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m195:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m380:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m390:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m390x:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m395:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m680:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m690:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m690x:-:::::::* cpe:2.3:h:cisco:secure_email_and_web_manager_m695:-:::::::* cpe:2.3:o:cisco:asyncos:13.0.0-392:::::::* cpe:2.3:o:cisco:asyncos:13.0.5-007:::::::* cpe:2.3:o:cisco:asyncos:13.5.1-277:::::::* cpe:2.3:o:cisco:asyncos:13.5.4-038:::::::* cpe:2.3:o:cisco:asyncos:14.0.0-698:::::::* cpe:2.3:o:cisco:asyncos:14.2.0-620:::::::* cpe:2.3:o:cisco:asyncos:14.2.1-020:::::::* cpe:2.3:o:cisco:asyncos:14.3.0-032:::::::* cpe:2.3:o:cisco:asyncos:15.0.0-104:::::::* cpe:2.3:o:cisco:asyncos:15.0.1-030:::::::* cpe:2.3:o:cisco:asyncos:15.0.3-002:::::::* cpe:2.3:o:cisco:asyncos:15.5.0-048:::::::* cpe:2.3:o:cisco:asyncos:15.5.1-055:::::::* cpe:2.3:o:cisco:asyncos:15.5.2-018:::::::*
Vendors & Products		Cisco Cisco asyncos Cisco secure Email And Web Manager M170 Cisco secure Email And Web Manager M190 Cisco secure Email And Web Manager M195 Cisco secure Email And Web Manager M380 Cisco secure Email And Web Manager M390 Cisco secure Email And Web Manager M390x Cisco secure Email And Web Manager M395 Cisco secure Email And Web Manager M680 Cisco secure Email And Web Manager M690 Cisco secure Email And Web Manager M690x Cisco secure Email And Web Manager M695 Cisco secure Email And Web Manager Virtual Appliance M100v Cisco secure Email And Web Manager Virtual Appliance M300v Cisco secure Email And Web Manager Virtual Appliance M600v

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00012}`	epss `{'score': 0.00019}`

Wed, 05 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 05 Feb 2025 16:30:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker.
Title		Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Privilege Escalation Vulnerability
Weaknesses		CWE-250
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-wsa-multi-yKUJhS34
Metrics		cvssV3_1 `{'score': 3.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2025-02-05T16:14:38.541Z

Updated: 2025-02-05T16:59:47.445Z

Reserved: 2024-10-10T19:15:13.226Z

Link: CVE-2025-20185

Vulnrichment

Updated: 2025-02-05T16:59:43.681Z

NVD

Status : Analyzed

Published: 2025-02-05T17:15:25.883

Modified: 2025-08-06T16:53:52.867

Link: CVE-2025-20185

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object