Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2025-20184

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform command injection attacks against an affected device. The attacker must authenticate with valid administrator credentials.

This vulnerability is due to insufficient validation of XML configuration files by an affected device. An attacker could exploit this vulnerability by uploading a crafted XML configuration file. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

  • Published: Feb 5, 2025
  • Updated: Aug 9, 2025
  • CVE: CVE-2025-20184
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.2
  • AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

Software From Fixed in
cisco / asyncos 13.0.0-392 13.0.0-392.x
cisco / asyncos 13.0.5-007 13.0.5-007.x
cisco / asyncos 13.5.1-277 13.5.1-277.x
cisco / asyncos 13.5.4-038 13.5.4-038.x
cisco / asyncos 14.0.0-698 14.0.0-698.x
cisco / asyncos 14.2.0-620 14.2.0-620.x
cisco / asyncos 14.2.1-020 14.2.1-020.x
cisco / asyncos 14.3.0-032 14.3.0-032.x
cisco / asyncos 15.0.0-104 15.0.0-104.x
cisco / asyncos 15.0.1-030 15.0.1-030.x
cisco / asyncos 15.0.3-002 15.0.3-002.x
cisco / asyncos 15.5.0-048 15.5.0-048.x
cisco / asyncos 15.5.1-055 15.5.1-055.x
cisco / asyncos 15.5.2-018 15.5.2-018.x
cisco / asyncos 15.5.3-022 15.5.3-022.x
cisco / asyncos 11.8.0-414 11.8.0-414.x
cisco / asyncos 11.8.0-429 11.8.0-429.x
cisco / asyncos 11.8.0-453 11.8.0-453.x
cisco / asyncos 11.8.1-023 11.8.1-023.x
cisco / asyncos 11.8.3-018 11.8.3-018.x
cisco / asyncos 11.8.3-021 11.8.3-021.x
cisco / asyncos 11.8.4-004 11.8.4-004.x
cisco / asyncos 12.0.1-268 12.0.1-268.x
cisco / asyncos 12.0.1-334 12.0.1-334.x
cisco / asyncos 12.0.2-004 12.0.2-004.x
cisco / asyncos 12.0.2-012 12.0.2-012.x
cisco / asyncos 12.0.3-005 12.0.3-005.x
cisco / asyncos 12.0.3-007 12.0.3-007.x
cisco / asyncos 12.0.4-002 12.0.4-002.x
cisco / asyncos 12.0.5-011 12.0.5-011.x
cisco / asyncos 12.5.1-011 12.5.1-011.x
cisco / asyncos 12.5.1-043 12.5.1-043.x
cisco / asyncos 12.5.2-007 12.5.2-007.x
cisco / asyncos 12.5.2-011 12.5.2-011.x
cisco / asyncos 12.5.3-002 12.5.3-002.x
cisco / asyncos 12.5.4-005 12.5.4-005.x
cisco / asyncos 12.5.4-011 12.5.4-011.x
cisco / asyncos 12.5.5-004 12.5.5-004.x
cisco / asyncos 12.5.5-005 12.5.5-005.x
cisco / asyncos 12.5.5-008 12.5.5-008.x
cisco / asyncos 12.5.6-008 12.5.6-008.x
cisco / asyncos 14.0.1-014 14.0.1-014.x
cisco / asyncos 14.0.1-040 14.0.1-040.x
cisco / asyncos 14.0.1-053 14.0.1-053.x
cisco / asyncos 14.0.1-503 14.0.1-503.x
cisco / asyncos 14.0.2-012 14.0.2-012.x
cisco / asyncos 14.0.3-014 14.0.3-014.x
cisco / asyncos 14.0.4-005 14.0.4-005.x
cisco / asyncos 14.0.5-007 14.0.5-007.x
cisco / asyncos 14.1.0-032 14.1.0-032.x
cisco / asyncos 14.1.0-041 14.1.0-041.x
cisco / asyncos 14.1.0-047 14.1.0-047.x
cisco / asyncos 14.5.0-498 14.5.0-498.x
cisco / asyncos 14.5.0-537 14.5.0-537.x
cisco / asyncos 14.5.0-673 14.5.0-673.x
cisco / asyncos 14.5.1-008 14.5.1-008.x
cisco / asyncos 14.5.1-016 14.5.1-016.x
cisco / asyncos 14.5.1-510 14.5.1-510.x
cisco / asyncos 14.5.1-607 14.5.1-607.x
cisco / asyncos 14.5.2-011 14.5.2-011.x
cisco / asyncos 14.5.3-033 14.5.3-033.x
cisco / asyncos 15.0.0-322 15.0.0-322.x
cisco / asyncos 15.0.0-355 15.0.0-355.x
cisco / asyncos 15.0.1-004 15.0.1-004.x
cisco / asyncos 15.1.0-287 15.1.0-287.x
cisco / asyncos 15.2.0-116 15.2.0-116.x
cisco / asyncos 15.2.0-164 15.2.0-164.x
cisco / asyncos 15.2.1-011 15.2.1-011.x