CVE-2025-20267: 
Cisco ISE vulnerability analysis and mitigation

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) was discovered and disclosed on May 21, 2025. The vulnerability (CVE-2025-20267) allows an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface. This vulnerability affects Cisco ISE, regardless of device configuration (Cisco Advisory).

The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. The vulnerability has been assigned a CVSS Base Score of 4.8 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N) and is categorized under CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page) (Cisco Advisory).

A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. However, to exploit this vulnerability, the attacker must have valid administrative credentials (Cisco Advisory).

Cisco has released software updates that address this vulnerability. The fixed releases include: 3.2P8 (July 2025) for version 3.2, 3.3P5 for version 3.3, and 3.4P1 for version 3.4. Users on version 3.1 and earlier are advised to migrate to a fixed release. There are no workarounds available for this vulnerability (Cisco Advisory).

The vulnerability was independently reported by Grzegorz Misiun of Ing Hubs Poland and kibov, demonstrating collaborative security research in the industry (Cisco Advisory).