5.8

CVE-2025-20153

A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device.  

This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoSecure Email Gateway Version13.0.0-392
CiscoSecure Email Gateway Version13.0.5-007
CiscoSecure Email Gateway Version13.5.1-277
CiscoSecure Email Gateway Version13.5.4-038
CiscoSecure Email Gateway Version14.0.0-698
CiscoSecure Email Gateway Version14.2.0-620
CiscoSecure Email Gateway Version14.2.1-020
CiscoSecure Email Gateway Version14.3.0-032
CiscoSecure Email Gateway Version15.0.0-104
CiscoSecure Email Gateway Version15.0.1-030
CiscoSecure Email Gateway Version15.0.3-002
CiscoSecure Email Gateway Version15.5.0-048
CiscoSecure Email Gateway Version15.5.1-055
CiscoSecure Email Gateway Version15.5.2-018
CiscoSecure Email Gateway Version16.0.0-050
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.09% 0.259
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
psirt@cisco.com 5.8 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.