CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-10280

IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML allowing a requesting browser to interpret content not properly escaped to prevent Cross-Site Scripting (XSS).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.4%

CVSS Severity

CVSS v3 Score 7.1

References

https://www.sailpoint.com/security-advisories/sailpoint-identityiq-incorrect-content-type-cross-site-scripting-vulnerability-cve-2025-10280

Products affected by CVE-2025-10280

Sailpoint » Identityiq » Version: 7.1

cpe:2.3:a:sailpoint:identityiq:7.1
Sailpoint » Identityiq » Version: 7.2

cpe:2.3:a:sailpoint:identityiq:7.2
Sailpoint » Identityiq » Version: 7.3

cpe:2.3:a:sailpoint:identityiq:7.3
Sailpoint » Identityiq » Version: 8.0

cpe:2.3:a:sailpoint:identityiq:8.0
Sailpoint » Identityiq » Version: 8.1

cpe:2.3:a:sailpoint:identityiq:8.1
Sailpoint » Identityiq » Version: 8.2

cpe:2.3:a:sailpoint:identityiq:8.2
Sailpoint » Identityiq » Version: 8.3

cpe:2.3:a:sailpoint:identityiq:8.3
Sailpoint » Identityiq » Version: 8.4

cpe:2.3:a:sailpoint:identityiq:8.4
Sailpoint » Identityiq » Version: 8.5

cpe:2.3:a:sailpoint:identityiq:8.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-10280

Products

Pricing

Contact Us