CVE-2025-20130

CWE-284Improper Access ControlCWE-434Unrestricted File Upload4 documents4 sources
Severity
7.2HIGH
EPSS
0.2%
top 54.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Identity Services EngineCisco Identity Services Engine Passive Identity ConnectorCisco Cisco Identity Services Engine Software
Timeline
PublishedJun 4

Description

A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

🔴Vulnerability Details

2
CVEList
Cisco Identity Services Engine Access Control Bypass Vulnerability2025-06-04
GHSA
GHSA-px43-75mc-j6hq: A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, re2025-06-04

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Arbitrary File Upload Vulnerability2025-06-04
CVE-2025-20130 (HIGH CVSS 7.2) | A vulnerability in the API of Cisco | cvebase.io