Information disclosure in Cisco Secure Email
CVE-2025-20207
A vulnerability in Simple Network Management Protocol (SNMP) polling for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, remote attacker to obtain confidential in…
Vulnerability class: Information Disclosure
EPSS: 0.001 (26.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Cisco Secure Email — versions 14.0.0-698, 13.5.1-277, 13.0.0-392
- Cisco Secure Email And Web Manager — versions 13.6.2-023, 13.6.2-078, 13.0.0-249
- Cisco Secure Web Appliance — versions 11.8.0-453, 12.5.3-002, 12.0.3-007
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-20207?
- CVE-2025-20207 is a medium-severity vulnerability in Cisco Secure Email, classified under Information Disclosure. CVSS score: 4.3/10. Published 2025-02-05.
- How severe is CVE-2025-20207?
- Medium severity. CVSS v3 base score is 4.3 out of 10.