What is CVE-2025-20153?

CVE-2025-20153 is a medium-severity vulnerability in Cisco Secure Email, classified under Improper Access Control. CVSS score: 5.8/10. Published 2025-02-19.

How severe is CVE-2025-20153?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Vulnerability in Cisco Secure Email

CVE-2025-20153

A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device…

EPSS: 0.001 (32.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N.

Affected products

Cisco Secure Email — versions 14.0.0-698, 13.5.1-277, 13.0.0-392

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

cisco-sa-esa-mailpol-bypass-5nVcJZMw

Frequently asked questions

What is CVE-2025-20153?: CVE-2025-20153 is a medium-severity vulnerability in Cisco Secure Email, classified under Improper Access Control. CVSS score: 5.8/10. Published 2025-02-19.
How severe is CVE-2025-20153?: Medium severity. CVSS v3 base score is 5.8 out of 10.