
Security Alert: Critical Cisco AsyncOS Vulnerability Actively Exploited

Cisco has released patches for a critical vulnerability (CVE-2025-20393) affecting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. This vulnerability has been actively exploited by a threat actor, allowing attackers to gain full control of affected systems.
 

Affected systems
  • Cisco Secure Email Gateway (SEG) appliances: running AsyncOS versions 14.2 and earlier, 15.0, 15.5, and 16.0
  • Cisco Secure Email and Web Manager (SEWM) appliances: running AsyncOS versions 15.0 and earlier, 15.5, and 16.0
 
Security Risks
 
Exploitation of this vulnerability could allow attackers to access sensitive systems, disrupt email services, and remove traces of their activity, potentially compromising critical data.
 
For the full list of security patches released by Cisco, please refer to Cisco Security Advisories.
 
Recommended Actions
 
The National Cyber Security Authority (NCSA) recommends that users and administrators:
 
1. Follow the Cisco Security Advisory and apply the recommended updates to reduce vulnerability exploitation risk.
 
2. Apply the required and latest security updates as soon as possible.
The released software versions for upgrade are:
Cisco Secure Email Gateway (SEG) appliances:
  • Versions 14.2 and earlier, 15.0: Upgrade to AsyncOS 15.0.5-016 or later
  • Version 15.5: Upgrade to AsyncOS 15.5.4-012 or later
  • Version 16.0: Upgrade to AsyncOS 16.0.4-016 or later
Cisco Secure Email and Web Manager (SEWM) appliances:
  • Versions 15.0 and earlier: Upgrade to AsyncOS 15.0.2-007 or later
  • Version 15.5: Upgrade to AsyncOS 15.5.4-007 or later
  • Version 16.0: Upgrade to AsyncOS 16.0.4-010 or later
 
3. Before any updating task, ensure you have a current, tested backup of your data.
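
The fixed-release table above can be applied mechanically to an appliance inventory to decide which systems still need the upgrade. The following Python script is an added example, not part of the NCSA or Cisco advisory; it assumes version strings in the `X.Y.Z-BBB` form used above, and the host names and installed versions in `INVENTORY` are constructed sample data.

```python
import re

# Fixed AsyncOS releases per product and release train, from the advisory above.
FIXED = {
    "SEG":  {(15, 0): "15.0.5-016", (15, 5): "15.5.4-012", (16, 0): "16.0.4-016"},
    "SEWM": {(15, 0): "15.0.2-007", (15, 5): "15.5.4-007", (16, 0): "16.0.4-010"},
}
# Newest train covered by the "and earlier" wording for each product.
AND_EARLIER = {"SEG": (14, 2), "SEWM": (15, 0)}

def parse(version):
    """Split 'X.Y.Z-BBB' into a tuple of ints so versions compare numerically."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)-(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised AsyncOS version: {version!r}")
    return tuple(int(part) for part in m.groups())

def triage(product, version):
    """Return (status, fixed_release) for one appliance."""
    product = product.upper()
    installed = parse(version)
    train = installed[:2]
    if train <= AND_EARLIER[product]:
        train = (15, 0)  # older trains are sent to the 15.0 fixed release
    if train not in FIXED[product]:
        # The advisory says nothing about this train: flag for manual review.
        return ("NOT_LISTED", None)
    target = FIXED[product][train]
    status = "FIXED" if installed >= parse(target) else "UPGRADE"
    return (status, target)

# Constructed sample inventory: host names and installed versions are made up.
INVENTORY = [
    ("seg-01.example.org", "SEG", "14.2.0-620"),
    ("seg-02.example.org", "SEG", "15.5.4-012"),
    ("seg-03.example.org", "SEG", "16.0.4-010"),
    ("sewm-01.example.org", "SEWM", "16.0.4-010"),
    ("sewm-02.example.org", "SEWM", "17.0.0-001"),
]

def triage_inventory(inventory):
    return [(host, product, version, *triage(product, version))
            for host, product, version in inventory]

if __name__ == "__main__":
    for host, product, version, status, target in triage_inventory(INVENTORY):
        print(f"{host:22} {product:5} {version:12} {status:10} {target or '-'}")
```

The same build number can be fixed on one product and unpatched on the other (`16.0.4-010` above), so the check must always be keyed on the product as well as the version.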
 

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailing rwcsirt@ncsa.gov.rw or calling us on 9009.
 
19 January 2026

© 2026 National Cyber Security Authority