Cross-Site Scripting Vulnerability in SailPoint IdentityIQ
CVE-2025-10280
What is CVE-2025-10280?
SailPoint IdentityIQ versions prior to 8.4p4 and 8.3p6, as well as all earlier releases, contain a Cross-Site Scripting (XSS) vulnerability. Certain IdentityIQ web services that are designed to return non-HTML content can be reached through URL paths that incorrectly set the Content-Type to HTML. A requesting browser can then interpret the unescaped content as HTML, leading to potential XSS attacks. Users of affected versions should apply the necessary patches promptly to mitigate this risk.
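The mismatch described above can be checked for in captured HTTP responses. The following is an added example, not SailPoint code: it flags responses whose body is JSON but whose Content-Type tells the browser to render HTML. The paths and sample responses are constructed placeholders, not real IdentityIQ endpoints.

```python
import json

# Constructed sample responses: (path, headers, body). Paths are hypothetical
# placeholders, not real IdentityIQ endpoints.
SAMPLES = [
    ("/api/example/items", {"Content-Type": "application/json"},
     '{"name": "<b>x</b>"}'),
    ("/alt/example/items", {"Content-Type": "text/html; charset=UTF-8"},
     '{"name": "<b>x</b>"}'),
    ("/ui/home", {"Content-Type": "text/html"},
     "<html><body>home</body></html>"),
    ("/alt/example/count", {"content-type": "text/html"},
     '{"count": 3}'),
]

def media_type(headers):
    """Return the lowercase media type without parameters, or '' if absent."""
    for key, value in headers.items():
        if key.lower() == "content-type":
            return value.split(";", 1)[0].strip().lower()
    return ""

def is_json(body):
    """True when the body parses as a JSON object or array."""
    try:
        parsed = json.loads(body)
    except ValueError:
        return False
    return isinstance(parsed, (dict, list))

def audit(responses):
    """Flag JSON bodies served with an HTML (or missing) Content-Type."""
    findings = []
    for path, headers, body in responses:
        if not is_json(body):
            continue  # genuinely non-JSON content is out of scope here
        mtype = media_type(headers)
        if mtype in ("text/html", "application/xhtml+xml", ""):
            # Unescaped angle brackets mean the browser would parse markup.
            severity = "high" if any(c in body for c in "<>") else "medium"
            findings.append((path, mtype or "(missing)", severity))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

The same comparison can be run over proxy or web-server logs that record both the response Content-Type and the service that produced the body.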

Affected Version(s)
IdentityIQ 8.5
IdentityIQ 8.4 < 8.4p4
