Incorrect Content Type Cross-Site Scripting Vulnerability_CVE-2025-10280

7.1 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Description

IdentityIQ
8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and
all 8.3 patch levels prior to 8.3p6, and all prior versions allows some
IdentityIQ web services that provide non-HTML content to be accessed via a URL
path that will set the Content-Type to HTML allowing a requesting browser to
interpret content not properly escaped to prevent Cross-Site Scripting (XSS).

Basic Information

ID CVE-2025-10280

Source SailPoint

Published Nov 3, 2025 at 16:35

Modified Nov 3, 2025 at 20:50

Affected Product

Vendor SailPoint Technologies

Product IdentityIQ

Version 8.5

Affected Versions SailPoint Technologies IdentityIQ 8.5
SailPoint Technologies IdentityIQ 8.4
SailPoint Technologies IdentityIQ 8.3

CWE Classification

CWE-79

References

www.sailpoint.com /security-advisories/sailpoint-identityiq-incorrect-content-type-cross-site-scripting-vulnerability-cve-2025-10280

{
    "lastseen": "",
    "description": "IdentityIQ\n8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and\nall 8.3 patch levels prior to 8.3p6, and all prior versions allows some\nIdentityIQ web services that provide non-HTML content to be accessed via a URL\npath that will set the Content-Type to HTML allowing a requesting browser to\ninterpret content not properly escaped to prevent Cross-Site Scripting (XSS).",
    "published": "2025-11-03T16:35:56.241Z",
    "modified": "2025-11-03T20:50:38.973Z",
    "type": "cve",
    "title": "Incorrect Content Type Cross-Site Scripting Vulnerability",
    "source": "SailPoint",
    "references": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-incorrect-content-type-cross-site-scripting-vulnerability-cve-2025-10280",
    "id": "CVE-2025-10280",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "SailPoint Technologies IdentityIQ 8.5\nSailPoint Technologies IdentityIQ 8.4\nSailPoint Technologies IdentityIQ 8.3",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "IdentityIQ",
    "version": "8.5",
    "vendor": "SailPoint Technologies",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}