CVE-2025-20303: 
Cisco ISE vulnerability analysis and mitigation

Multiple vulnerabilities in the web-based management interface of Cisco ISE (Identity Services Engine) and Cisco ISE-PIC were disclosed on November 5, 2025. The vulnerability, tracked as CVE-2025-20303, is a reflected Cross-Site Scripting (XSS) vulnerability that affects the web-based management interface of these systems (Cisco Advisory).

The vulnerability stems from insufficient validation of user-supplied input by the web-based management interface of the affected system. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with changed scope and low impact on confidentiality and integrity (NVD).

A successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. The attack requires the attacker to have at least a low-privileged account on the affected device (Cisco Advisory).

Cisco has released software updates that address these vulnerabilities. The fixed versions include ISE 3.2 Patch 8 (Dec 2025), ISE 3.3 Patch 8 (Nov 2025), and ISE 3.4 Patch 2. There are no workarounds available for these vulnerabilities, making it crucial for affected users to upgrade to the patched versions (Cisco Advisory).