CVE-2025-20130

A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system.

Severity	MEDIUM
CVSS	4.9
CWE	CWE-284
KEV
Published	11 months ago
Modified	10 months ago

Related Products

Product	Advisory
Cisco RV Series Routers	cisco-sa-ise-file-upload-P4M8vwXY
Cisco Nexus Dashboard	cisco-sa-ise-file-upload-P4M8vwXY
Cisco Identity Services Engine Software	cisco-sa-ise-file-upload-P4M8vwXY
Cisco ISE Passive Identity Connector	cisco-sa-ise-file-upload-P4M8vwXY