CVE-2025-20185

Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance (affected versions not specified)

Description: A vulnerability in the implementation of the remote access functionality could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. This issue is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this by generating a temporary password for the service account, potentially allowing the execution of arbitrary commands as root and access to the underlying operating system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.