Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers.
AnalysisAI
SEPPmail Secure Email Gateway before version 15.0.3 fails to properly authenticate inner messages within S/MIME-encrypted MIME entities, permitting attackers to manipulate trusted email headers and potentially forge message authenticity. This vulnerability affects the cryptographic validation layer of the gateway, enabling header injection attacks that could deceive users about message origin or content integrity. No CVSS score, EPSS data, or active exploitation confirmation is available in current intelligence.
Technical ContextAI
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for digitally signing and encrypting email messages using public key cryptography. The vulnerability stems from improper authentication of the inner MIME message structure within encrypted entities, classified under CWE-20 (Improper Input Validation). SEPPmail Secure Email Gateway, identified via CPE cpe:2.3:a:seppmail:secure_email_gateway, is an enterprise email security appliance that processes and validates email messages. The flaw allows an attacker to craft a malicious S/MIME-encrypted message where the inner message headers are not cryptographically bound to the signature verification, creating a gap between the encrypted outer layer and the authenticated inner content. This is distinct from standard S/MIME parsing and reflects a gap in the authentication chain during message decryption and header extraction.
RemediationAI
Vendor-released patch: SEPPmail Secure Email Gateway version 15.0.3 and later. Organizations should upgrade immediately to version 15.0.3 or any subsequent release. Detailed remediation steps and release notes are available in the official SEPPmail advisory at https://downloads.seppmail.com/extrelnotes/150/ERN15.0.html#seppmail-vulnerability-disclosure-1503. No interim workarounds are documented; patching is the primary remediation path.
More in Secure Email Gateway
View allSecure Email Gateway from Cellopoint has Buffer Overflow Vulnerability in authentication process. Rated critical severit
A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unau
The SMTP Listener of Secure Email Gateway from Cellopoint does not properly validate user input, leading to a Buffer Ove
Remote code execution in SEPPmail Secure Email Gateway versions prior to 15.0.2.1 enables unauthenticated attackers to e
Authorization bypass in SEPPmail Secure Email Gateway versions prior to 15.0.4 enables remote unauthenticated attackers
Remote unauthenticated attackers can read arbitrary local files and trigger deletion of targeted files in SEPPmail Secur
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers to bypass subject sanitization and forge security t
Account takeover in SEPPmail Secure Email Gateway versions before 15.0.3 allows unauthenticated attackers to reset victi
SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to bypass subject line sanitization controls
SEPPmail Secure Email Gateway before version 15.0.3 allows remote attackers to inject malicious certificates into S/MIME
Path traversal in SEPPmail Secure Email Gateway versions before 15.0.5 allows authenticated remote attackers to write fi
SEPPmail Secure Email Gateway before version 15.0.4 exposes server environment variables through an unauthenticated endp
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-18166
GHSA-q7v7-25qx-fcxf