1. Home
  2. CVE Database
  3. CVE-2025-20184
MEDIUM · 6.5

CVE-2025-20184

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform c...

Vulnerability Description

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid administrator credentials. This vulnerability is due to insufficient validation of XML configuration files by an affected device. An attacker could exploit this vulnerability by uploading a crafted XML configuration file. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
NONE

Affected Products

VendorProductVersions
CiscoAsyncos13.0.0-392
CiscoSecure Email Gateway Virtual Appliance C100V-
CiscoSecure Email Gateway Virtual Appliance C300V-
CiscoSecure Email Gateway Virtual Appliance C600V-
CiscoSecure Email Gateway C195-
CiscoSecure Email Gateway C395-
CiscoSecure Email Gateway C695-
CiscoSecure Web Appliance Virtual S1000V-
CiscoSecure Web Appliance Virtual S100V-
CiscoSecure Web Appliance Virtual S300V-
CiscoSecure Web Appliance Virtual S600V-
CiscoSecure Web Appliance S196-
CiscoSecure Web Appliance S396-
CiscoSecure Web Appliance S696-

Related Weaknesses (CWE)

CWE-20CWE-77

References

FAQ

What is CVE-2025-20184?

CVE-2025-20184 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform c...

How severe is CVE-2025-20184?

CVE-2025-20184 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-20184?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Asyncos, Cisco Secure Email Gateway Virtual Appliance C100V, Cisco Secure Email Gateway Virtual Appliance C300V, Cisco Secure Email Gateway Virtual Appliance C600V, Cisco Secure Email Gateway C195.