216.73.217.22

CVE-2025-20281

· Published 28/07/2025 02:00 · Modified 21/12/2025 16:20 · Author: Cybersecurity and Infrastructure Security Agency

Labels: CVE-2025-20281 2025-06-25CVE-2025-20281CWE-74[email protected]

Essential information

Published
28/07/2025 02:00
Modified
21/12/2025 16:20
Author
Cybersecurity and Infrastructure Security Agency
Creator
Cybersecurity and Infrastructure Security Agency
CVSS
10.0 CRITICAL (v3.1)
CISA KEV
Yes
CWE
CVSS vector
CVSS:3.1/AV:N/C:H/I:H/A:H

CVSS metrics

Description

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
cisco / identity services engine cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*
cisco / identity services engine pic cpe:2.3:a:cisco:identity_services_engine_pic:*:*:*:*:*:*:*:*

References

Related entities

Attack reports, intrusion sets, malwares, attack patterns and indicators linked to this vulnerability.

Attack reports (1)