Cisco Identity Services Engine Arbitrary File Upload Vulnerability_CVE-2025-20131

4.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Description

A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device.

This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload via the ISE GUI. A successful exploit could allow the attacker to upload arbitrary files to an affected system.

Basic Information

ID CVE-2025-20131

Source cisco

Published Aug 20, 2025 at 16:26

Modified Aug 20, 2025 at 18:41

Affected Product

Vendor Cisco

Product Cisco Identity Services Engine Software

Version 3.1.0

Affected Versions Cisco Cisco Identity Services Engine Software 3.1.0
Cisco Cisco Identity Services Engine Software 3.1.0 p1
Cisco Cisco Identity Services Engine Software 3.1.0 p3
Cisco Cisco Identity Services Engine Software 3.1.0 p2
Cisco Cisco Identity Services Engine Software 3.2.0
Cisco Cisco Identity Services Engine Software 3.1.0 p4
Cisco Cisco Identity Services Engine Software 2.7.0 p8
Cisco Cisco Identity Services Engine Software 3.1.0 p5
Cisco Cisco Identity Services Engine Software 3.2.0 p1
Cisco Cisco Identity Services Engine Software 3.1.0 p6
Cisco Cisco Identity Services Engine Software 3.2.0 p2
Cisco Cisco Identity Services Engine Software 3.1.0 p7
Cisco Cisco Identity Services Engine Software 3.3.0
Cisco Cisco Identity Services Engine Software 3.2.0 p3
Cisco Cisco Identity Services Engine Software 3.2.0 p4
Cisco Cisco Identity Services Engine Software 3.1.0 p8
Cisco Cisco Identity Services Engine Software 3.2.0 p5
Cisco Cisco Identity Services Engine Software 3.2.0 p6
Cisco Cisco Identity Services Engine Software 3.1.0 p9
Cisco Cisco Identity Services Engine Software 3.3 Patch 2
Cisco Cisco Identity Services Engine Software 3.3 Patch 1

References

{
    "lastseen": "",
    "description": "A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device.\r\n\r\nThis vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload via the ISE GUI. A successful exploit could allow the attacker to upload arbitrary files to an affected system.",
    "published": "2025-08-20T16:26:23.055Z",
    "modified": "2025-08-20T18:41:08.904Z",
    "type": "cve",
    "title": "Cisco Identity Services Engine Arbitrary File Upload Vulnerability",
    "source": "cisco",
    "references": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-qksX6C8g\nhttps://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2\nhttps://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-66682",
    "id": "CVE-2025-20131",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Cisco Cisco Identity Services Engine Software 3.1.0\nCisco Cisco Identity Services Engine Software 3.1.0 p1\nCisco Cisco Identity Services Engine Software 3.1.0 p3\nCisco Cisco Identity Services Engine Software 3.1.0 p2\nCisco Cisco Identity Services Engine Software 3.2.0\nCisco Cisco Identity Services Engine Software 3.1.0 p4\nCisco Cisco Identity Services Engine Software 2.7.0 p8\nCisco Cisco Identity Services Engine Software 3.1.0 p5\nCisco Cisco Identity Services Engine Software 3.2.0 p1\nCisco Cisco Identity Services Engine Software 3.1.0 p6\nCisco Cisco Identity Services Engine Software 3.2.0 p2\nCisco Cisco Identity Services Engine Software 3.1.0 p7\nCisco Cisco Identity Services Engine Software 3.3.0\nCisco Cisco Identity Services Engine Software 3.2.0 p3\nCisco Cisco Identity Services Engine Software 3.2.0 p4\nCisco Cisco Identity Services Engine Software 3.1.0 p8\nCisco Cisco Identity Services Engine Software 3.2.0 p5\nCisco Cisco Identity Services Engine Software 3.2.0 p6\nCisco Cisco Identity Services Engine Software 3.1.0 p9\nCisco Cisco Identity Services Engine Software 3.3 Patch 2\nCisco Cisco Identity Services Engine Software 3.3 Patch 1",
    "sourceHref": "",
    "cvss": {
        "score": 4.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cisco Identity Services Engine Software",
    "version": "3.1.0",
    "vendor": "Cisco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply