CVE-2025-20304_CVE-2025-20304

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.

These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have at least a low-privileged account on the affected device.

Basic Information

ID CVE-2025-20304

Source cisco

Published Nov 5, 2025 at 16:33

Modified Nov 5, 2025 at 20:20

Affected Product

Vendor Cisco

Product Cisco Identity Services Engine Software

Version 3.1.0

Affected Versions Cisco Cisco Identity Services Engine Software 3.1.0
Cisco Cisco Identity Services Engine Software 3.1.0 p1
Cisco Cisco Identity Services Engine Software 3.1.0 p3
Cisco Cisco Identity Services Engine Software 3.1.0 p2
Cisco Cisco Identity Services Engine Software 3.1.0 p4
Cisco Cisco Identity Services Engine Software 3.1.0 p5
Cisco Cisco Identity Services Engine Software 3.1.0 p6
Cisco Cisco Identity Services Engine Software 3.1.0 p7
Cisco Cisco Identity Services Engine Software 3.1.0 p8
Cisco Cisco Identity Services Engine Software 3.1.0 p9
Cisco Cisco Identity Services Engine Software 3.1.0 p10
Cisco Cisco Identity Services Engine Software 3.2.0
Cisco Cisco Identity Services Engine Software 3.2.0 p1
Cisco Cisco Identity Services Engine Software 3.2.0 p2
Cisco Cisco Identity Services Engine Software 3.2.0 p3
Cisco Cisco Identity Services Engine Software 3.2.0 p4
Cisco Cisco Identity Services Engine Software 3.2.0 p5
Cisco Cisco Identity Services Engine Software 3.2.0 p6
Cisco Cisco Identity Services Engine Software 3.2.0 p7
Cisco Cisco Identity Services Engine Software 3.3.0
Cisco Cisco Identity Services Engine Software 3.3 Patch 2
Cisco Cisco Identity Services Engine Software 3.3 Patch 1
Cisco Cisco Identity Services Engine Software 3.3 Patch 3
Cisco Cisco Identity Services Engine Software 3.3 Patch 4
Cisco Cisco Identity Services Engine Software 3.3 Patch 5
Cisco Cisco Identity Services Engine Software 3.3 Patch 6
Cisco Cisco Identity Services Engine Software 3.3 Patch 7
Cisco Cisco Identity Services Engine Software 3.4.0
Cisco Cisco Identity Services Engine Software 3.4 Patch 1
Cisco Cisco Identity Services Engine Software 3.4 Patch 2
Cisco Cisco Identity Services Engine Software 3.4 Patch 3

References

sec.cloudapps.cisco.com /security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH

{
    "lastseen": "",
    "description": "Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interface.\r\n\r These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have at least a low-privileged account on the affected device.",
    "published": "2025-11-05T16:33:27.573Z",
    "modified": "2025-11-05T20:20:07.804Z",
    "type": "cve",
    "title": "CVE-2025-20304",
    "source": "cisco",
    "references": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH",
    "id": "CVE-2025-20304",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Cisco Cisco Identity Services Engine Software 3.1.0\nCisco Cisco Identity Services Engine Software 3.1.0 p1\nCisco Cisco Identity Services Engine Software 3.1.0 p3\nCisco Cisco Identity Services Engine Software 3.1.0 p2\nCisco Cisco Identity Services Engine Software 3.1.0 p4\nCisco Cisco Identity Services Engine Software 3.1.0 p5\nCisco Cisco Identity Services Engine Software 3.1.0 p6\nCisco Cisco Identity Services Engine Software 3.1.0 p7\nCisco Cisco Identity Services Engine Software 3.1.0 p8\nCisco Cisco Identity Services Engine Software 3.1.0 p9\nCisco Cisco Identity Services Engine Software 3.1.0 p10\nCisco Cisco Identity Services Engine Software 3.2.0\nCisco Cisco Identity Services Engine Software 3.2.0 p1\nCisco Cisco Identity Services Engine Software 3.2.0 p2\nCisco Cisco Identity Services Engine Software 3.2.0 p3\nCisco Cisco Identity Services Engine Software 3.2.0 p4\nCisco Cisco Identity Services Engine Software 3.2.0 p5\nCisco Cisco Identity Services Engine Software 3.2.0 p6\nCisco Cisco Identity Services Engine Software 3.2.0 p7\nCisco Cisco Identity Services Engine Software 3.3.0\nCisco Cisco Identity Services Engine Software 3.3 Patch 2\nCisco Cisco Identity Services Engine Software 3.3 Patch 1\nCisco Cisco Identity Services Engine Software 3.3 Patch 3\nCisco Cisco Identity Services Engine Software 3.3 Patch 4\nCisco Cisco Identity Services Engine Software 3.3 Patch 5\nCisco Cisco Identity Services Engine Software 3.3 Patch 6\nCisco Cisco Identity Services Engine Software 3.3 Patch 7\nCisco Cisco Identity Services Engine Software 3.4.0\nCisco Cisco Identity Services Engine Software 3.4 Patch 1\nCisco Cisco Identity Services Engine Software 3.4 Patch 2\nCisco Cisco Identity Services Engine Software 3.4 Patch 3",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cisco Identity Services Engine Software",
    "version": "3.1.0",
    "vendor": "Cisco",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply