CVE-2025-20332 MEDIUM

CVE-2025-20332: Cisco Identity Services Engine Authorization Bypass Vulnerability

Vendor: Cisco
Product: Cisco Identity Services Engine Software
Weakness: CWE-863 · Incorrect authorization
Published: August 6, 2025
Last update: August 6, 2025

CVSS base score

4.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify descriptions of files on a specific page. To exploit this vulnerability, an attacker would need valid read-only Administrator credentials.

Key dates

02 Disclosure timeline

August 6, 2025: CVE published
August 6, 2025: Record updated