VDB
CVE-2025-20131
CVE-2025-20131
PUBLISHED
CVSS 4.900000095367432 MEDIUM
A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload via the ISE GUI. A successful exploit could allow the attacker to upload arbitrary files to an affected system.
EPSS 0.05% · 17.5th percentile
Risk Scores
CVSS 3.1
4.900000095367432
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.05%
17.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Identity Services Engine Software | 3.1.0, 3.1.0 p1, 3.1.0 p3 |
Exploit Intelligence
Timeline
- Oct 10, 2024 CVE ID Reserved
- Aug 20, 2025 Coalition ESS Score
- Aug 20, 2025 Coalition ESS Score
- Aug 20, 2025 CVE Published
- Aug 20, 2025 CVE Updated
- Aug 21, 2025 EPSS Score
- Aug 22, 2025 Coalition ESS Score
- Aug 26, 2025 Coalition ESS Score
- Aug 29, 2025 EPSS Score
- Sep 6, 2025 EPSS Score
- Sep 14, 2025 EPSS Score
- Sep 22, 2025 EPSS Score
References
- cisco-sa-ise-file-upload-qksX6C8g url
- https://nvd.nist.gov/vuln/detail/CVE-2025-20131 advisory
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd36820 url
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2 url
- https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-66682 url