Cisco ISE related Vulnerability (CVE-2025-20267)

Marcelo Morais · ‎07-07-2025

Introduction
Summary
Workaround
Affected Products & Fixed Software
References

The Portuguese version of this Article can be found at: Vulnerabilidade que afeta o Cisco ISE (CVE-2025-20267) .

For an offline or printed copy of this document, simply choose ⋮ Options > Printer Friendly Page. You may then Print > Print to PDF or Copy & Paste to any other document format you like.

Introduction

Please be aware of the following CVE (Common Vulnerabilities and Exposures) of CVSS (Common Vulnerability Scoring System) Medium :

CVE-2025-20267 of May 21, 2025

described in:

CVE-2025-20267 Cisco Identity Services Stored Cross-Site Scripting Vulnerability

CSCwm43231 Cisco Identity Services Stored Cross-Site Scripting Vulnerability.

Summary

A vulnerability in the Web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct Cross-Site Scripting (XSS) attacks against a User of the interface.

Workaround

There is no Workaround that will solve this vulnerability !!!

Affected Products & Fixed Software

The vulnerability affects Cisco ISE in the following versions:

To access the version of Cisco ISE that fixes this CVE:

3.2 P8 of "Future Release"
3.3 P5 of April 10, 2025
3.4 P1 of December 18, 2024

References

Cisco Security Advisories

ISE - CVEs (versão Português) - Video

Renato Guardia · ‎09-19-2025

Thanks for Sharing!

Marcelo Morais · ‎09-19-2025

@Renato Guardia ,

always a pleasure !

Martin L · ‎09-20-2025

thanks for this info!

Marcelo Morais · ‎09-20-2025

@Martin L ,

glad to be helpful !

Adonay dos Anjos · ‎09-29-2025

Parabéns pelo trabalho

Marcelo Morais · ‎09-29-2025

@Adonay dos Anjos ,

muito obrigado !