CVE-2025-20153

A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device.  

This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
ciscoCNA
5.8 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
ciscosecure_email_gateway
13.0.0-392
ciscosecure_email_gateway
13.0.5-007
ciscosecure_email_gateway
13.5.1-277
ciscosecure_email_gateway
13.5.4-038
ciscosecure_email_gateway
14.0.0-698
ciscosecure_email_gateway
14.2.0-620
ciscosecure_email_gateway
14.2.1-020
ciscosecure_email_gateway
14.3.0-032
ciscosecure_email_gateway
15.0.0-104
ciscosecure_email_gateway
15.0.1-030
ciscosecure_email_gateway
15.0.3-002
ciscosecure_email_gateway
15.5.0-048
ciscosecure_email_gateway
15.5.1-055
ciscosecure_email_gateway
15.5.2-018
ciscosecure_email_gateway
16.0.0-050
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-mailpol-bypass-5nVcJZMw