Critical Vulnerability in Cisco Products
18 December 2025
Cisco has provided recommendations to address a critical vulnerability in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.
Background
Cisco has provided recommendations to address a critical vulnerability (CVE-2025-20393) in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 10 out of 10.
Impact
Successful exploitation of the vulnerability could allow an attacker to perform arbitrary code execution with root privileges on the vulnerable product.
Known Exploitation
This vulnerability is reportedly being exploited.
Affected Products
The vulnerability affects both physical and virtual Cisco Secure Email Gateway and Cisco Secure Email and Web Manager products when the following requirements are met:
The Spam Quarantine feature is configured in the product; and
The Spam Quarantine feature is exposed to and reachable from the Internet
Users and administrators are advised to check whether the Spam Quarantine feature is configured and enabled by connecting to the web management interface, navigating to Management Appliance > Network > IP interfaces, selecting the interface on which Spam Quarantine is configured, and checking whether the checkbox next to Spam Quarantine is selected.
Recommendations
Users and administrators of the affected products are advised to harden their products by restricting access and implementing access control measures so that the products' service ports are not exposed to unsecured networks. The general recommendations to harden the Cisco products are:
Do not expose the product directly to the Internet. If Internet access is required, limit it to trusted hosts on necessary ports/protocols only
Place Cisco Secure Email Gateway and Secure Email and Web Manager behind firewalls, allowing traffic only from known sources
Use separate network interfaces for mail and management functionality on Cisco Secure Email Gateway
Monitor web logs regularly for unusual activity and store logs on an external server for sufficient retention
Disable HTTP access to the administrator portal
Turn off all unnecessary network services, including HTTP and FTP
Keep the appliance updated with the latest Cisco AsyncOS software
Use strong authentication methods such as Security Assertion Markup Language (SAML) or Lightweight Directory Access Protocol (LDAP) for user access
Change default administrator passwords and restrict use of the administrator account by giving each user an individual account with only the access that user requires
Use SSL/TLS with a certificate issued by a certificate authority, or create a self-signed certificate
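The two conditions under Affected Products (Spam Quarantine configured, and reachable from the Internet) and the first recommendations above (no direct Internet exposure, HTTP disabled) can be checked from an external vantage point. The script below is an added example written for this advisory; it is not Cisco's tooling and the advisory does not specify port numbers. It assumes the AsyncOS defaults of TCP 82/83 for the Spam Quarantine portal and 80/443 for the management interface, which you should replace with the ports shown on the appliance's IP interface configuration. Each listener that answers a TCP connect is mapped to the advisory's severity and the matching hardening step; the connect function is injectable so the classification logic can be exercised without network access.

```python
"""Exposure check for Cisco Secure Email Gateway / Secure Email and Web Manager.

Added example for this advisory, not Cisco's own code. Run it from OUTSIDE the
trusted network (e.g. an external monitoring host) so that "reachable" means
"reachable from the Internet", which is the advisory's affected condition.
"""
import socket
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Service name -> (TCP port, cleartext?). The port numbers are an ASSUMPTION
# about AsyncOS defaults, not values from the advisory; set them to what the
# appliance's IP interface configuration shows for your deployment.
PORTS: Dict[str, Tuple[int, bool]] = {
    "spam-quarantine-http": (82, True),
    "spam-quarantine-https": (83, False),
    "management-http": (80, True),
    "management-https": (443, False),
}

SEVERITY_RANK = {"info": 0, "medium": 1, "high": 2, "critical": 3}

# Signature of a reachability probe: (host, port) -> connected?
Connector = Callable[[str, int], bool]


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """Real probe: True if a TCP handshake to host:port completes in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


@dataclass(frozen=True)
class Finding:
    host: str
    service: str
    port: int
    severity: str
    advice: str


def classify(service: str, cleartext: bool) -> Tuple[str, str]:
    """Map a reachable listener onto the advisory's conditions and advice."""
    if service.startswith("spam-quarantine"):
        return ("critical",
                "Spam Quarantine listener reachable from this vantage point; if the "
                "probe ran from outside the trusted network, both affected-product "
                "conditions for CVE-2025-20393 are met: restrict access immediately")
    if cleartext:
        return ("high",
                "cleartext HTTP listener reachable: disable HTTP access to the "
                "administrator portal and use SSL/TLS only")
    return ("medium",
            "management HTTPS reachable: place the appliance behind a firewall "
            "that allows only known sources")


def assess_host(host: str, connect: Connector = tcp_reachable) -> List[Finding]:
    """Probe every configured listener on one host and return its findings."""
    findings: List[Finding] = []
    for service, (port, cleartext) in PORTS.items():
        if connect(host, port):
            severity, advice = classify(service, cleartext)
            findings.append(Finding(host, service, port, severity, advice))
    return findings


def worst_severity(findings: List[Finding]) -> str:
    """Highest severity among the findings, or "info" when nothing was reachable."""
    if not findings:
        return "info"
    return max((f.severity for f in findings), key=SEVERITY_RANK.__getitem__)


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        result = assess_host(target)
        print(f"{target}: overall {worst_severity(result)}")
        for f in result:
            print(f"  [{f.severity}] {f.service} tcp/{f.port}: {f.advice}")
```

Usage: `python3 exposure_check.py esa.example.net sma.example.net` from an external host. A "critical" result on a quarantine port is the signal to apply the firewall restrictions above before anything else; a "high" result on port 80 or 82 means HTTP is still enabled and should be turned off. A result of "info" only means nothing answered from that vantage point, so repeat the check from every network segment the appliance is meant to be unreachable from.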