
Cisco Secure Email Gateway Email Filter Bypass Vulnerability (CVE-2025-20153)

CVE number = CVE-2025-20153

A vulnerability in the email filtering mechanism of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to bypass the configured rules and allow emails that should have been denied to flow through an affected device.

This vulnerability is due to improper handling of email that passes through an affected device. An attacker could exploit this vulnerability by sending a crafted email through the affected device. A successful exploit could allow the attacker to bypass email filters on the affected device.

At the time of publication, this vulnerability affected Cisco Secure Email Gateway if it was running a vulnerable release of Cisco AsyncOS Software.

The left column lists Cisco software releases, and the right column indicates whether a release was affected by the vulnerability that is described in this advisory and which release included the fix for this vulnerability.

Cisco AsyncOS Software for Secure Email Gateway Release | First Fixed Release
14.2 and earlier | Migrate to fixed release.
15.0 | Migrate to fixed release.
16.0 | 16-0-0-054
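
To check an appliance inventory against the release table above, the following is an added example, not part of the Cisco advisory or of this article. The dotted build format, the hostnames, the sample builds and the rule that later builds on the 16.0 train carry the fix are assumptions; release trains the table does not list are reported as not-listed instead of being guessed.

```python
import re

# First fixed build per release train, from the advisory table (16.0 -> 16-0-0-054).
FIRST_FIXED = {(16, 0): (16, 0, 0, 54)}
# Trains the table marks "Migrate to fixed release": 14.2 and earlier, and 15.0.
MIGRATE_AT_OR_BELOW = (14, 2)
MIGRATE_EXACT = {(15, 0)}

# Accepts the advisory's dashed form and a dotted form (assumed, e.g. 16.0.0-054).
BUILD_RE = re.compile(r"^\s*(\d+)[.-](\d+)[.-](\d+)-(\d+)\s*$")


def parse_build(text):
    """Return (major, minor, maintenance, build) as integers."""
    match = BUILD_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised build string: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(text):
    """Classify one build string as fixed, upgrade, migrate or not-listed."""
    build = parse_build(text)
    train = build[:2]
    if train in FIRST_FIXED:
        # Assumption: later builds on the same train carry the fix forward.
        return "fixed" if build >= FIRST_FIXED[train] else "upgrade"
    if train <= MIGRATE_AT_OR_BELOW or train in MIGRATE_EXACT:
        return "migrate"
    # The advisory table has no row for this train; do not guess.
    return "not-listed"


def triage_inventory(inventory):
    """Map each hostname to its triage result."""
    return {host: triage(build) for host, build in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and builds are illustrative.
    sample = {
        "esa-edge-1.example.test": "16.0.0-050",
        "esa-edge-2.example.test": "16-0-0-054",
        "esa-lab.example.test": "15.0.3-002",
        "esa-old.example.test": "14.2.0-620",
    }
    for host, status in triage_inventory(sample).items():
        print(f"{host}: {status}")
```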

In most cases, the software can be upgraded over the network by using the System Upgrade options in the web interface of the appliance. To upgrade a device by using the web interface, do the following:

  1. Choose System Administration > System Upgrade.
  2. Click Upgrade Options.
  3. Choose Download and Install.
  4. Choose the release to upgrade to.
  5. In the Upgrade Preparation area, choose the appropriate options.
  6. Click Proceed to begin the upgrade. A progress bar displays the status of the upgrade.

After the upgrade is complete, the device reboots.

Cisco has released software updates that address this vulnerability.

There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-mailpol-bypass-5nVcJZMw

Jason Davies

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional with an interest in computer security and telecoms.
