Strix
26.1K

CVE-2025-20264

MEDIUMCVSS 6.4/10EPSS 0.28%

Last modified

CVE-2025-20264 is a medium-severity vulnerability rated 6.4/10 on the CVSS scale. A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. EPSS estimates a 0.28% chance of exploitation in the next 30 days.

Description

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a system restart. In single-node Cisco ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the Cisco ISE system comes back online. 

Metrics

CVSS 3.1
6.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

EPSS Probability
0.28%

19.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoIdentity Services Engine3.0.0
CiscoIdentity Services Engine3.1.0
CiscoIdentity Services Engine3.2.0
CiscoIdentity Services Engine3.3.0
CiscoIdentity Services Engine3.4.0

References

Timeline

Published
Last Modified
Status
Analyzed

Frequently Asked Questions

What is CVE-2025-20264?
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a system restart. In single-node Cisco ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the Cisco ISE system comes back online. 
How severe is CVE-2025-20264?
CVE-2025-20264 has a CVSS score of 6.4/10 (MEDIUM severity). The EPSS model estimates a 0.28% probability of exploitation in the next 30 days.
How do I fix CVE-2025-20264?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-20264?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST