CVE-2025-20332

EPSS 0.12%
Veröffentlicht 06.08.2025 16:14:48
Zuletzt bearbeitet 15.04.2026 00:35:42
Quelle psirt@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Cisco Identity Services Engine Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device.

This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify descriptions of files on a specific page. To exploit this vulnerability, an attacker would need valid read-only Administrator credentials.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerCisco

≫

Produkt Cisco Identity Services Engine Software

Default Statusunknown

Version 3.1.0

Status affected

Version 3.1.0 p1

Status affected

Version 3.1.0 p3

Status affected

Version 3.1.0 p2

Status affected

Version 3.2.0

Status affected

Version 3.1.0 p4

Status affected

Version 2.7.0 p8

Status affected

Version 3.1.0 p5

Status affected

Version 3.2.0 p1

Status affected

Version 3.1.0 p6

Status affected

Version 3.2.0 p2

Status affected

Version 3.1.0 p7

Status affected

Version 3.3.0

Status affected

Version 3.2.0 p3

Status affected

Version 3.2.0 p4

Status affected

Version 3.1.0 p8

Status affected

Version 3.2.0 p5

Status affected

Version 3.2.0 p6

Status affected

Version 3.1.0 p9

Status affected

Version 3.3 Patch 2

Status affected

Version 3.3 Patch 1

Status affected

Version 3.3 Patch 3

Status affected

Version 3.4.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.302

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise_xss_acc_cont-YsR4uT4U

https://nvd.nist.gov/vuln/detail/CVE-2025-20332

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-20332

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-20332

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-20332