Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2025-20180

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Operator.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.8%
CVSS Severity
CVSS v3 Score 4.8
Products affected by CVE-2025-20180


Contact Us

Shodan ® - All rights reserved