CVE-2025-20305
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-05

Last updated on: 2025-11-19

Assigner: Cisco Systems, Inc.

Description
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with read-only Administrator privileges could exploit this vulnerability by performing actions where the results should only be viewable to a high-privileged user. A successful exploit could allow the attacker to view passwords that are normally not visible to read-only administrators.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-05
Last Modified
2025-11-19
Generated
2026-06-16
AI Q&A
2025-11-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-20305
Affected Vendors & Products
Showing 21 associated CPEs
Vendor Product Version / Range
cisco identity_services_engine to 3.1.0 (inc)
cisco identity_services_engine 3.2.0
cisco identity_services_engine 3.2.0
cisco identity_services_engine 3.2.0
cisco identity_services_engine 3.2.0
cisco identity_services_engine 3.2.0
cisco identity_services_engine 3.2.0
cisco identity_services_engine 3.2.0
cisco identity_services_engine 3.2.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.3.0
cisco identity_services_engine 3.4.0
cisco identity_services_engine 3.4.0
cisco identity_services_engine 3.4.0
cisco identity_services_engine 3.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1220 The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the web-based management interface of Cisco ISE allows an authenticated remote attacker with read-only Administrator privileges to access sensitive information. It occurs because certain files do not have proper data protection, enabling the attacker to view passwords that should normally be hidden from users with read-only access.

Impact Analysis

The vulnerability could allow an attacker with limited privileges to obtain sensitive information such as passwords that are normally restricted. This could lead to unauthorized access or further exploitation of the affected device or network.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-20305. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart