Impact
SEPPmail Secure Email Gateway versions before 15.0.3 contain a flaw that lets an attacker embed a forged certificate in an S/MIME signature. The gateway accepts that certificate and, when it later encrypts mail to the victim, selects and uses the attacker-controlled certificate. This lets the attacker decrypt, alter, or fabricate mail sent by the gateway, turning the encryption mechanism itself into a vector for data disclosure and spoofing. The weakness is the certificate-validation error described in CWE-295 (Improper Certificate Validation).
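The check the gateway should apply before trusting a harvested certificate, as an added example in Go (not SEPPmail's code; the CA, mailboxes and serial numbers are constructed for the demonstration): a certificate taken from an inbound S/MIME signature is only cached for later encryption if it chains to a trusted root, carries the email-protection EKU and names the envelope sender.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"slices"
	"time"
)

// mkCert builds a constructed test certificate; with a nil parent it is self-signed (a root, or a forgery).
func mkCert(serial int64, email string, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: email},
		EmailAddresses: []string{email}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	if parent == nil {
		parent, pkey = tmpl, key // self-signed: nobody but the key holder vouches for this certificate
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// acceptForEncryption is the gate to run before a certificate taken from an inbound S/MIME signature is
// cached for encrypting later mail: trusted chain, email-protection EKU, and the envelope sender's address.
func acceptForEncryption(cert *x509.Certificate, sender string, roots *x509.CertPool) error {
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}); err != nil {
		return fmt.Errorf("reject: %w", err) // forged or unknown issuer: the CWE-295 case
	}
	if !slices.Contains(cert.EmailAddresses, sender) {
		return fmt.Errorf("reject: certificate does not name sender %q", sender)
	}
	return nil
}

// Demo returns verdicts for a CA-issued cert, a forged self-signed cert claiming the same mailbox,
// and a CA-issued cert for another mailbox; only the first should be accepted.
func Demo() (legit, forged, wrongMail error) {
	ca, caKey := mkCert(1, "ca@example.test", nil, nil) // constructed trust anchor
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	good, _ := mkCert(2, "alice@example.test", ca, caKey)
	fake, _ := mkCert(3, "alice@example.test", nil, nil) // attacker-minted, claims alice's address
	other, _ := mkCert(4, "mallory@example.test", ca, caKey)
	alice := "alice@example.test"
	return acceptForEncryption(good, alice, roots), acceptForEncryption(fake, alice, roots), acceptForEncryption(other, alice, roots)
}
```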
Affected Systems
All deployments of SEPPmail Secure Email Gateway running any version earlier than 15.0.3 are affected. Because the fix is tied to a release version, administrators should check their current release and confirm it is 15.0.3 or later. No patch level other than the fixed version is listed; every release before 15.0.3 remains vulnerable.
Risk and Exploitability
The CVSS v3.1 score of 7.7 indicates high severity, with impact on confidentiality and integrity. EPSS data is unavailable, and the absence of a CISA KEV listing suggests no publicly known exploit at the time of disclosure. The attack can be performed remotely by any actor able to send S/MIME-signed messages to the affected gateway and does not require elevated privileges; the inferred attack vector is a crafted S/MIME signature that lets the attacker influence how the gateway encrypts future mail traffic.
OpenCVE Enrichment