{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20264", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2024-10-10T19:15:13.243Z", "datePublished": "2025-06-25T16:11:42.274Z", "dateUpdated": "2025-06-26T19:53:19.444Z"}, "containers": {"cna": {"title": "Cisco Identity Services Engine Authorization Bypass Vulnerability", "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "LOW"}}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions.\r\n\r\nThis vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a system restart. In single-node Cisco ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the Cisco ISE system comes back online. "}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-mVfKVQAU", "name": "cisco-sa-ise-auth-bypass-mVfKVQAU"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-ise-auth-bypass-mVfKVQAU", "discovery": "EXTERNAL", "defects": ["CSCwm59423"]}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Authorization", "type": "cwe", "cweId": "CWE-285"}]}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"version": "3.0.0", "status": "affected"}, {"version": "3.0.0 p1", "status": "affected"}, {"version": "3.0.0 p2", "status": "affected"}, {"version": "3.0.0 p3", "status": "affected"}, {"version": "3.1.0", "status": "affected"}, {"version": "3.0.0 p4", "status": "affected"}, {"version": "3.1.0 p1", "status": "affected"}, {"version": "3.0.0 p5", "status": "affected"}, {"version": "3.1.0 p3", "status": "affected"}, {"version": "3.1.0 p2", "status": "affected"}, {"version": "3.0.0 p6", "status": "affected"}, {"version": "3.2.0", "status": "affected"}, {"version": "3.1.0 p4", "status": "affected"}, {"version": "3.1.0 p5", "status": "affected"}, {"version": "3.2.0 p1", "status": "affected"}, {"version": "3.0.0 p7", "status": "affected"}, {"version": "3.1.0 p6", "status": "affected"}, {"version": "3.2.0 p2", "status": "affected"}, {"version": "3.1.0 p7", "status": "affected"}, {"version": "3.3.0", "status": "affected"}, {"version": "3.2.0 p3", "status": "affected"}, {"version": "3.0.0 p8", "status": "affected"}, {"version": "3.2.0 p4", "status": "affected"}, {"version": "3.1.0 p8", "status": "affected"}, {"version": "3.2.0 p5", "status": "affected"}, {"version": "3.2.0 p6", "status": "affected"}, {"version": "3.1.0 p9", "status": "affected"}, {"version": "3.3 Patch 2", "status": "affected"}, {"version": "3.3 Patch 1", "status": "affected"}, {"version": "3.3 Patch 3", "status": "affected"}, {"version": "3.4.0", "status": "affected"}, {"version": "3.2.0 p7", "status": "affected"}, {"version": "3.3 Patch 4", "status": "affected"}, {"version": "3.4 Patch 1", "status": "affected"}, {"version": "3.1.0 p10", "status": "affected"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-06-25T16:11:42.274Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-26T19:53:06.402843Z", "id": "CVE-2025-20264", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T19:53:19.444Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-20264", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-26T19:53:06.402843Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-26T19:53:13.280Z"}}], "cna": {"title": "Cisco Identity Services Engine Authorization Bypass Vulnerability", "source": {"defects": ["CSCwm59423"], "advisory": "cisco-sa-ise-auth-bypass-mVfKVQAU", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"status": "affected", "version": "3.0.0"}, {"status": "affected", "version": "3.0.0 p1"}, {"status": "affected", "version": "3.0.0 p2"}, {"status": "affected", "version": "3.0.0 p3"}, {"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.0.0 p4"}, {"status": "affected", "version": "3.1.0 p1"}, {"status": "affected", "version": "3.0.0 p5"}, {"status": "affected", "version": "3.1.0 p3"}, {"status": "affected", "version": "3.1.0 p2"}, {"status": "affected", "version": "3.0.0 p6"}, {"status": "affected", "version": "3.2.0"}, {"status": "affected", "version": "3.1.0 p4"}, {"status": "affected", "version": "3.1.0 p5"}, {"status": "affected", "version": "3.2.0 p1"}, {"status": "affected", "version": "3.0.0 p7"}, {"status": "affected", "version": "3.1.0 p6"}, {"status": "affected", "version": "3.2.0 p2"}, {"status": "affected", "version": "3.1.0 p7"}, {"status": "affected", "version": "3.3.0"}, {"status": "affected", "version": "3.2.0 p3"}, {"status": "affected", "version": "3.0.0 p8"}, {"status": "affected", "version": "3.2.0 p4"}, {"status": "affected", "version": "3.1.0 p8"}, {"status": "affected", "version": "3.2.0 p5"}, {"status": "affected", "version": "3.2.0 p6"}, {"status": "affected", "version": "3.1.0 p9"}, {"status": "affected", "version": "3.3 Patch 2"}, {"status": "affected", "version": "3.3 Patch 1"}, {"status": "affected", "version": "3.3 Patch 3"}, {"status": "affected", "version": "3.4.0"}, {"status": "affected", "version": "3.2.0 p7"}, {"status": "affected", "version": "3.3 Patch 4"}, {"status": "affected", "version": "3.4 Patch 1"}, {"status": "affected", "version": "3.1.0 p10"}], "defaultStatus": "unknown"}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-mVfKVQAU", "name": "cisco-sa-ise-auth-bypass-mVfKVQAU"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions.\r\n\r\nThis vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a system restart. In single-node Cisco ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the Cisco ISE system comes back online. "}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-285", "description": "Improper Authorization"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-06-25T16:11:42.274Z"}}}, "cveMetadata": {"cveId": "CVE-2025-20264", "state": "PUBLISHED", "dateUpdated": "2025-06-26T19:53:19.444Z", "dateReserved": "2024-10-10T19:15:13.243Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2025-06-25T16:11:42.274Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "A1063044-BCD7-487F-9880-141C30547E36", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "DA42E65A-7207-48B8-BE1B-0B352201BC09", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*", "matchCriteriaId": "75DDAF38-4D5F-4EE4-A428-68D28FC0DA96", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*", "matchCriteriaId": "C5FB6AA6-F8C9-48A6-BDDA-1D25C43564EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*", "matchCriteriaId": "2B3A267A-5FEA-426D-903E-BD3F4F94A1A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*", "matchCriteriaId": "B1B3207B-1B9C-41AA-8EF6-8478458462E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*", "matchCriteriaId": "C5B9E7F3-B0F2-4A6A-B939-A62E9B12CCEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch7:*:*:*:*:*:*", "matchCriteriaId": "EF4C5A58-D0AE-48D6-9757-18C1D5BE5070", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch8:*:*:*:*:*:*", "matchCriteriaId": "0DB3133B-FBE4-47F3-88FD-9AC02AFB7EBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:-:*:*:*:*:*:*", "matchCriteriaId": "7A789B44-7E6C-4FE9-BD40-702A871AB8AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "93920663-445E-4456-A905-81CEC6CA1833", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch10:*:*:*:*:*:*", "matchCriteriaId": "DF9CCBFA-0004-48F7-B142-6FDD4B3E1081", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch2:*:*:*:*:*:*", "matchCriteriaId": "33DA5BB8-4CFE-44BD-9CEB-BC26577E8477", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch3:*:*:*:*:*:*", "matchCriteriaId": "D3AEFA85-66B5-4145-A4AD-96D1FF86B46D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch4:*:*:*:*:*:*", "matchCriteriaId": "7A6A0697-6A9E-48EF-82D8-36C75E0CDFDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch5:*:*:*:*:*:*", "matchCriteriaId": "E939B65A-7912-4C36-8799-03A1526D7BD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch6:*:*:*:*:*:*", "matchCriteriaId": "833B438F-0869-4C0D-9952-750C00702E8D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch7:*:*:*:*:*:*", "matchCriteriaId": "E8B2588D-01F9-450B-B2E3-ADC4125E354E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch8:*:*:*:*:*:*", "matchCriteriaId": "E41016C0-19E6-4BCC-A8DD-F6C9A2B0003E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch9:*:*:*:*:*:*", "matchCriteriaId": "654E946A-07C5-4036-BC54-85EF42B808DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "7932D5D5-83E1-4BEF-845A-D0783D4BB750", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "1B818846-4A6E-4256-B344-281E8C786C43", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*", "matchCriteriaId": "A44858A2-922A-425A-8B38-0C47DB911A3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*", "matchCriteriaId": "53484A32-757B-42F8-B655-554C34222060", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*", "matchCriteriaId": "0CCAC61F-C273-49B3-A631-31D3AE3EB148", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*", "matchCriteriaId": "51AEFCE6-FB4A-4B1C-A23D-83CC3CF3FBBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*", "matchCriteriaId": "B452B4F0-8510-475E-9AE8-B48FABB4D7D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch7:*:*:*:*:*:*", "matchCriteriaId": "5733512D-12B5-4098-AF90-9D68217FAC27", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*", "matchCriteriaId": "F1B9C2C1-59A4-49A0-9B74-83CCB063E55D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*", "matchCriteriaId": "E6C94CC4-CC08-4DAF-A606-FDAFC92720A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*", "matchCriteriaId": "BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*", "matchCriteriaId": "FF8B81A6-BF44-4E5F-B167-39F61DDCA026", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*", "matchCriteriaId": "D23905E0-E525-49B1-8E5F-4EB42D186768", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*", "matchCriteriaId": "74509498-38EF-4345-9583-CEF5C26CA1D8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions.\r\n\r\nThis vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a system restart. In single-node Cisco ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the Cisco ISE system comes back online. "}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n web de Cisco Identity Services Engine (ISE) podr\u00eda permitir que un atacante remoto autenticado eluda los mecanismos de autorizaci\u00f3n para funciones administrativas espec\u00edficas. Esta vulnerabilidad se debe a la insuficiencia de los mecanismos de aplicaci\u00f3n de la autorizaci\u00f3n para los usuarios creados por la integraci\u00f3n de SSO SAML con un proveedor de identidad externo. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una serie de comandos espec\u00edficos a un dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitirle modificar un n\u00famero limitado de configuraciones del sistema, incluyendo algunas que provocar\u00edan el reinicio del sistema. En implementaciones de Cisco ISE de un solo nodo, los dispositivos que no est\u00e9n autenticados en la red no podr\u00e1n autenticarse hasta que el sistema Cisco ISE vuelva a estar en l\u00ednea."}], "id": "CVE-2025-20264", "lastModified": "2025-07-08T14:53:22.550", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2025-06-25T16:15:25.833", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-mVfKVQAU"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-285"}], "source": "[email protected]", "type": "Primary"}]}

{}