CVE-2025-20204

Summary

CVE-2025-20204 is a vulnerability affecting the web-based management interface of Cisco Identity Services Engine (ISE). This issue allows authenticated, remote attackers to carry out cross-site scripting (XSS) attacks against interface users. The vulnerability stems from insufficient input validation by the interface, enabling attackers to inject malicious code into specific pages. A successful exploit results in the execution of arbitrary script code in the interface context or access to sensitive browser-based information. It's important to note that an attacker must possess valid administrative credentials to leverage this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.