Ref# ADV2025_442 | Date: Dec 22nd 2025

---

Cisco published a security advisory highlighting vulnerabilities in the following product on December 17, 2025. It is recommended that you take the necessary precautions by ensuring your product is always updated. 

• Cisco Secure Email Gateway – all versions of AsyncOS with Spam Quarantine feature enabled and exposed on the internet 

• Cisco Secure Email and Web Manager – all versions of AsyncOS with Spam Quarantine feature enabled and exposed on the internet 

Update 1 

On December 17, 2025, Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-20393 to their Known Exploited Vulnerabilities (KEV) Database. 

For more information on these updates, you can follow these URLs: 

• Reports About Cyberattacks Against Cisco Secure Email Gateway And Cisco Secure Email and Web Manager 

• Cisco Security Advisories 

• CISA KEV : CVE-2025-20393 

 

The Guyana National CIRT recommends that users and administrators review this update and apply it where necessary. 

References 

• Cisco Security Advisory (December 17th, 2025). Retrieved from Cisco. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 

• Cisco Security Advisory. (December 17th, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av25-848