CVE-2025-20153

Summary

A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device.  

This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Secure Email14.0.0-698affected
CiscoCisco Secure Email13.5.1-277affected
CiscoCisco Secure Email13.0.0-392affected
CiscoCisco Secure Email14.2.0-620affected
CiscoCisco Secure Email13.0.5-007affected
CiscoCisco Secure Email13.5.4-038affected
CiscoCisco Secure Email14.2.1-020affected
CiscoCisco Secure Email14.3.0-032affected
CiscoCisco Secure Email15.0.0-104affected
CiscoCisco Secure Email15.0.1-030affected
CiscoCisco Secure Email15.5.0-048affected
CiscoCisco Secure Email15.5.1-055affected
CiscoCisco Secure Email15.5.2-018affected
CiscoCisco Secure Email16.0.0-050affected
CiscoCisco Secure Email15.0.3-002affected

Weaknesses

  • CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References