CVE-2025-20185

CVSS 3.1 Score 3.4 of 10 (low)

Details

Published Feb 5, 2025

CWE ID 250

Summary

CVE-2025-20185 is a vulnerability affecting the remote access functionality of Cisco AsyncOS Software used in Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance. Authenticated local attackers with valid administrator credentials can exploit this flaw in the password generation algorithm to elevate privileges to root and execute arbitrary commands, gaining unrestricted access to the underlying operating system. This vulnerability, rated as Medium in severity, allows an attacker to access sensitive information without restriction.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3Farfd
https://www.cve.org/CVERecord?id=CVE-2025-20185
https://nvd.nist.gov/vuln/detail/CVE-2025-20185

Back to Vulnerability Database

CVE-2025-20185

CVSS 3.1 Score 3.4 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations