CVE-2025-20393
Exploited in the Wild
✓ Confirmed 0-Day
Triaged: March 5, 2026
6 articles
EPSS Score
Source: FIRST.org · 2026-05-24
6.48% probability
This CVE has a 6.48% probability of being exploited in the next 30 days.
Top 91.2th percentile of all CVEs
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.
Exploits & PoC
StasonJatham/cisco-sa-sma-attack-N9bf4
Script to detect CVE-2025-20393 for Cisco Secure Email Gateway And Cisco Secure Email and Web Manager
22
cyberleelawat/CVE-2025-20393
Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more inf
2
redpack-kr/Blackash-CVE-2025-20393
CVE-2025-20393
0
cyberdudebivash/CYBERDUDEBIVASH-Cisco-AsyncOS-CVE-2025-20393-Scanner
This tool helps identify exposure to CVE-2025-20393 by checking for open TCP/6025 ports, responsive Spam Quarantine interfaces, and known post-exploit
0
4 repos, sorted by ⭐
Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances
TheHackerNews
Dec 18, 2025
Cisco finally fixes AsyncOS zero-day exploited since November
BleepingComputer
Jan 16, 2026
Cisco warns of unpatched AsyncOS zero-day exploited in attacks
BleepingComputer
Dec 17, 2025
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
TheHackerNews
Jan 22, 2026
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
TheHackerNews
Jan 16, 2026
Security Advisory 2025-042
CERT-EU
Dec 18, 2025
Signal Intelligence
Confidence: 95%
EPSS: 6.48%
Mentions: 6
Last Seen: Jan 22, 2026
CNA Information
Analyst Note
CVE-2025-20393 meets all zero-day criteria: exploitation in the wild is explicitly documented by multiple authoritative sources (TheHackerNews, BleepingComputer) naming it as an actively exploited zero-day by APT group UAT-9686 since November 2024, and the vulnerability was patched in December 2025 after exploitation disclosure—establishing that attacks preceded patch availability. This is a classic zero-day scenario with clear timing evidence and consistent corroboration across independent sources.
Threat Actors 2
APT 41
apt_group
Information theft and espionage
🇨🇳 CN
Shadow Network
apt_group
Information theft and espionage
🇨🇳 CN
Triage Info
Decided at Mar 05, 2026