CVE-2025-20281 - Vulnerability Details

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since July 28, 2025.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Cisco	Identity Services Engine Identity Services Engine Passive Identity Connector

Configuration 1 [-]

OR	cpe:2.3:a:cisco:identity_services_engine:3.3.0:-::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6::::::
	cpe:2.3:a:cisco:identity_services_engine:3.4.0:-::::::
	cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1::::::

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability

History

Wed, 30 Jul 2025 02:30:00 +0000

Type	Values Removed	Values Added
References		https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability

Tue, 29 Jul 2025 15:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6::::::

Mon, 28 Jul 2025 15:00:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2025-07-28T00:00:00+00:00', 'dueDate': '2025-08-18T00:00:00+00:00'}`

Wed, 16 Jul 2025 16:30:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}`

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00144}`	epss `{'score': 0.00057}`

Thu, 26 Jun 2025 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco identity Services Engine Cisco identity Services Engine Passive Identity Connector
CPEs		cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:::::: cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:::::: cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1::::::
Vendors & Products		Cisco Cisco identity Services Engine Cisco identity Services Engine Passive Identity Connector

Thu, 26 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 25 Jun 2025 16:45:00 +0000

Type	Values Removed	Values Added
Title	Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerability	Cisco ISE API Unauthenticated Remote Code Execution Vulnerability

Wed, 25 Jun 2025 16:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Title		Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerability
Weaknesses		CWE-74
References		https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2025-06-25T16:11:42.285Z

Updated: 2025-07-30T01:36:10.259Z

Reserved: 2024-10-10T19:15:13.247Z

Link: CVE-2025-20281

Vulnrichment

Updated: 2025-06-26T13:25:37.306Z

NVD

Status : Analyzed

Published: 2025-06-25T16:15:26.017

Modified: 2025-07-30T19:24:26.480

Link: CVE-2025-20281

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object