CISCO Security Advisory
Published Date: May 5, 2026
CVE: CVE-2025-20204
Advisory Summary
❗️⚠️ Security Warning: Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities
Multiple stored Cross-Site Scripting (XSS) flaws have been identified in the web-based management interface of Cisco Identity Services Engine (ISE). These vulnerabilities stem from insufficient input validation, allowing an authenticated remote attacker with valid administrative credentials to inject malicious scripts into interface pages. Successful exploitation can lead to arbitrary script execution within the context of the interface or unauthorized access to sensitive browser-based information.
- Security Impact Rating: Medium
- CVEs: CVE-2025-20204, CVE-2025-20205
- Cisco has released critical software updates to patch these vulnerabilities.
- No available workarounds; immediate update application is strongly recommended for all ISE deployments.
This issue underscores the importance of rigorous input validation in administrative interfaces to prevent privilege abuse and data compromise. Organizations should prioritize patch management in their infrastructure security protocols to mitigate such risks.
Reference: Vendor Advisory