CVE-2025-20331: 
Cisco ISE vulnerability analysis and mitigation

A vulnerability (CVE-2025-20331) was discovered in the web-based management interface of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). The vulnerability was disclosed on August 6, 2025, and affects multiple versions of Cisco ISE Software and ISE-PIC Software. This stored Cross-Site Scripting (XSS) vulnerability allows an authenticated remote attacker with low-privileged access to conduct attacks against users of the interface (Cisco Advisory).

The vulnerability stems from insufficient validation of user-supplied input in the web-based management interface. It has been assigned a CVSS Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability is tracked as CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page) (NVD, Cisco Advisory).

A successful exploitation could allow an attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. The vulnerability requires user interaction and can only be exploited by an attacker who has at least a low-privileged account on the affected device (Cisco Advisory).

Cisco has released software updates that address this vulnerability. Fixed releases include ISE version 3.1P10, 3.2P8 (November 2025), and 3.3P4. Version 3.4 is not vulnerable. For ISE-PIC, the same fixed releases apply. There are no workarounds available for this vulnerability (Cisco Advisory).