CVE-2025-20281

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-20281
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

10.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*
History

16 Jul 2025, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-06-25 16:15

Updated : 2025-07-16 17:15

NVD link : CVE-2025-20281

Mitre link : CVE-2025-20281

CVE.ORG link : CVE-2025-20281

JSON object : View

Products Affected

cisco

  • identity_services_engine_passive_identity_connector
  • identity_services_engine
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')