CVE-2025-20130: 
Cisco ISE vulnerability analysis and mitigation

A vulnerability (CVE-2025-20130) was discovered in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). This vulnerability allows an authenticated remote attacker with administrative privileges to upload files to affected devices. The vulnerability was disclosed on June 4, 2025, and affects multiple versions of Cisco ISE and ISE-PIC (Cisco Advisory, NVD).

The vulnerability stems from improper validation of the file copy function in the API. It has been assigned a CVSS v3.1 base score of 4.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N. The vulnerability is classified under CWE-284 (Improper Access Control). An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint (Cisco Advisory).

A successful exploitation of this vulnerability could allow an attacker to upload arbitrary files to an affected system. The impact is primarily focused on system integrity, with no direct impact on confidentiality or availability (Cisco Advisory).

Cisco has released software updates that address this vulnerability. No workarounds are available. The following versions contain fixes: version 3.1 P10 for release 3.1, version 3.2 P7 for release 3.2, version 3.3 P3 for release 3.3, while version 3.4 is not vulnerable. Users running version 3.0 and earlier should migrate to a fixed release (Cisco Advisory).

Security researchers and organizations recommend immediate patching due to the public availability of proof-of-concept exploit code. Tenable has classified this as a 'Vulnerability Being Monitored' and recommends immediate patching to ensure security (Tenable).