CVE-2025-20131
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-20

Last updated on: 2025-08-22

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload using the Cisco ISE GUI. A successful exploit could allow the attacker to upload arbitrary files to an affected system.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-20
Last Modified
2025-08-22
Generated
2026-05-07
AI Q&A
2025-08-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-20131
EUVD
EUVD-2025-25392
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cisco identity_services_engine 3.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the GUI of Cisco Identity Services Engine (ISE) and allows an authenticated remote attacker with administrative privileges to upload arbitrary files to the affected device. It is caused by improper validation of the file copy function, which can be exploited by sending a crafted file upload through the ISE GUI.


How can this vulnerability impact me? :

The vulnerability could allow an attacker with administrative access to upload arbitrary files to the system, potentially leading to unauthorized modification or compromise of the device. This could impact the integrity of the system and possibly lead to further exploitation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart