CVE-2025-20305
PUBLISHED
CVSS 4.3 MEDIUM
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because certain files lack proper data protection mechanisms. An attacker with read-only Administrator privileges could exploit this vulnerability by performing actions where the results should only be viewable to a high-privileged user. A successful exploit could allow the attacker to view passwords that are normally not visible to read-only administrators.
EPSS 0.05% · 15.0th percentile
Risk Scores
CVSS 3.1
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.05%
15.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | identity_services_engine | 0, 3.2.0, 3.2.0 |
| Cisco | Cisco Identity Services Engine Software | 3.3 Patch 6, 3.4.0, 3.4 Patch 1 |
Exploit Intelligence
- CIRCL seen: CVE-2025-20305 (circl-sighting)
- cisco-sa-ise-multiple-vulns-O9BESWJH (circl)
Timeline
- Oct 10, 2024 CVE ID Reserved
- Nov 5, 2025 Coalition ESS Score
- Nov 5, 2025 CVE Published
- Nov 5, 2025 PoC Published
- Nov 6, 2025 EPSS Score
- Nov 8, 2025 Coalition ESS Score
- Nov 11, 2025 EPSS Score
- Nov 14, 2025 Coalition ESS Score
- Nov 17, 2025 EPSS Score
- Nov 22, 2025 EPSS Score
- Nov 27, 2025 EPSS Score
- Dec 2, 2025 Coalition ESS Score