CVE-2025-20153

MEDIUM

Cisco Secure Email Gateway - Auth Bypass

Title source: llm

Description

A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device.   This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device.

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-mailpol-bypass-5nVcJZMw

Scores

CVSS v3 5.8

EPSS 0.0013

EPSS Percentile 32.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-284

Status published

Products (15)

cisco/secure_email_gateway 13.0.0-392

cisco/secure_email_gateway 13.0.5-007

cisco/secure_email_gateway 13.5.1-277

cisco/secure_email_gateway 13.5.4-038

cisco/secure_email_gateway 14.0.0-698

cisco/secure_email_gateway 14.2.0-620

cisco/secure_email_gateway 14.2.1-020

cisco/secure_email_gateway 14.3.0-032

cisco/secure_email_gateway 15.0.0-104

cisco/secure_email_gateway 15.0.1-030

... and 5 more

Published Feb 19, 2025

Tracked Since Feb 18, 2026