Vulnslist

find the latest Cisco vulnerabilities

Cisco Identity Services Engine Reflected Cross-Site Scripting and Information Disclosure Vulnerabilities

cisco-sa-ise-multiple-vulns-O9BESWJH · Medium · Published · Updated

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker to either disclose sensitive information or conduct a reflected cross-site scripting (XSS) attack. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2025-20289, CVE-2025-20303, CVE-2025-20304, CVE-2025-20305
Cisco Bug IDsCSCwo37216, CSCwo37218, CSCwo37181, CSCwo37212
CVSS ScoreBase 5.4
Base 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
Base 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
Base 4.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Identity Services Engine Software

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Identity Services Engine Software known_affected cisco_csaf CVE-2025-20289, CVE-2025-20303, CVE-2025-20304 +1 more 4

Related Products

Product CVE Evidence
Cisco Identity Services Engine Software CVE-2025-20303 Cisco OpenVuln
Cisco ISE Passive Identity Connector CVE-2025-20303 Cisco OpenVuln
Cisco Identity Services Engine Software CVE-2025-20289 Cisco OpenVuln
Cisco ISE Passive Identity Connector CVE-2025-20289 Cisco OpenVuln
Cisco Identity Services Engine Software CVE-2025-20305 Cisco OpenVuln
Cisco ISE Passive Identity Connector CVE-2025-20305 Cisco OpenVuln
Cisco Identity Services Engine Software CVE-2025-20304 Cisco OpenVuln
Cisco ISE Passive Identity Connector CVE-2025-20304 Cisco OpenVuln