CVE-2025-20332 — MEDIUM (4.3)

Vulnerability Description

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is due to the lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to modify descriptions of files on a specific page. To exploit this vulnerability, an attacker would need valid read-only Administrator credentials.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Related Weaknesses (CWE)

CWE-863

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci

FAQ

What is CVE-2025-20332?

CVE-2025-20332 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability is du...

How severe is CVE-2025-20332?

CVE-2025-20332 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-20332?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.