CVE-2025-20264: 
Cisco ISE vulnerability analysis and mitigation

A vulnerability (CVE-2025-20264) was discovered in the web-based management interface of Cisco Identity Services Engine (ISE). The vulnerability was first published on June 25, 2025, and affects Cisco ISE systems using SAML SSO integration with an external identity provider for user creation. This security flaw is classified as a medium severity issue with a CVSS base score of 6.4 (Cisco Advisory).

The vulnerability stems from insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. It has been assigned CWE-285 (Improper Authorization) and received a CVSS v3.1 score of 6.4 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L) (Cisco Advisory).

A successful exploitation of this vulnerability could allow an attacker to modify a limited number of system settings, including those that would trigger a system restart. In single-node Cisco ISE deployments, this could result in network authentication disruption, as devices would be unable to authenticate until the Cisco ISE system comes back online (Cisco Advisory).

Cisco has released software updates to address this vulnerability. The fixed releases include version 3.2P8 (scheduled for November 2025), 3.3P5, and 3.4P2. Users of version 3.1 and earlier are advised to migrate to a fixed release. No workarounds are available for this vulnerability (Cisco Advisory).

The vulnerability was discovered and reported by Jesse Via of Woven by Toyota, demonstrating active security research engagement from the automotive industry sector (Cisco Advisory).