CVE-2025-20130

Published Jun 4, 2025

Last updated a month ago

CVSS medium 4.9

Overview

Description
A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system.
Source
psirt@cisco.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
4.9
Impact score
3.6
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Severity
MEDIUM

Weaknesses

psirt@cisco.com
CWE-284

Social media

Hype score
Not currently trending

  1. CVE-2025-20130 A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker wi… https://t.co/E5cJOyko2C

    @CVEnew

    4 Jun 2025

    370 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.