Vulnerabilites related to cisco - identity_services_engine_passive_identity_connector
CVE-2025-20130 (GCVE-0-2025-20130)
Vulnerability from cvelistv5
Published
2025-06-04 16:17
Modified
2025-06-23 20:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device.
This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.0.0 Version: 3.0.0 p1 Version: 3.0.0 p2 Version: 3.0.0 p3 Version: 3.1.0 Version: 3.0.0 p4 Version: 3.1.0 p1 Version: 3.0.0 p5 Version: 3.1.0 p3 Version: 3.1.0 p2 Version: 3.0.0 p6 Version: 3.2.0 Version: 3.1.0 p4 Version: 2.7.0 p8 Version: 3.1.0 p5 Version: 3.2.0 p1 Version: 3.0.0 p7 Version: 3.1.0 p6 Version: 3.2.0 p2 Version: 3.1.0 p7 Version: 3.3.0 Version: 3.2.0 p3 Version: 3.0.0 p8 Version: 3.2.0 p4 Version: 3.1.0 p8 Version: 3.2.0 p5 Version: 3.2.0 p6 Version: 3.1.0 p9 Version: 3.3 Patch 2 Version: 3.3 Patch 1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20130",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T18:13:24.858171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T18:20:23.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.0.0 p1"
},
{
"status": "affected",
"version": "3.0.0 p2"
},
{
"status": "affected",
"version": "3.0.0 p3"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.0.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p1"
},
{
"status": "affected",
"version": "3.0.0 p5"
},
{
"status": "affected",
"version": "3.1.0 p3"
},
{
"status": "affected",
"version": "3.1.0 p2"
},
{
"status": "affected",
"version": "3.0.0 p6"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0 p4"
},
{
"status": "affected",
"version": "2.7.0 p8"
},
{
"status": "affected",
"version": "3.1.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p1"
},
{
"status": "affected",
"version": "3.0.0 p7"
},
{
"status": "affected",
"version": "3.1.0 p6"
},
{
"status": "affected",
"version": "3.2.0 p2"
},
{
"status": "affected",
"version": "3.1.0 p7"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.2.0 p3"
},
{
"status": "affected",
"version": "3.0.0 p8"
},
{
"status": "affected",
"version": "3.2.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p8"
},
{
"status": "affected",
"version": "3.2.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p6"
},
{
"status": "affected",
"version": "3.1.0 p9"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device.\r\n\r\nThis vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T20:27:53.961Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-file-upload-P4M8vwXY",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-P4M8vwXY"
}
],
"source": {
"advisory": "cisco-sa-ise-file-upload-P4M8vwXY",
"defects": [
"CSCwj33565"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Identity Services Engine Access Control Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20130",
"datePublished": "2025-06-04T16:17:27.311Z",
"dateReserved": "2024-10-10T19:15:13.212Z",
"dateUpdated": "2025-06-23T20:27:53.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20284 (GCVE-0-2025-20284)
Vulnerability from cvelistv5
Published
2025-07-16 16:16
Modified
2025-07-17 13:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root.
This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.3.0 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.3 Patch 5 Version: 3.3 Patch 6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T03:55:50.843551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T13:06:42.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T16:16:46.479Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-multi-3VpsXOxO",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO"
}
],
"source": {
"advisory": "cisco-sa-ise-multi-3VpsXOxO",
"defects": [
"CSCwp02819"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20284",
"datePublished": "2025-07-16T16:16:46.479Z",
"dateReserved": "2024-10-10T19:15:13.249Z",
"dateUpdated": "2025-07-17T13:06:42.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20283 (GCVE-0-2025-20283)
Vulnerability from cvelistv5
Published
2025-07-16 16:16
Modified
2025-07-17 13:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root.
This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.3.0 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.3 Patch 5 Version: 3.3 Patch 6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20283",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T03:55:52.031348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T13:07:01.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T16:16:37.827Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-multi-3VpsXOxO",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO"
}
],
"source": {
"advisory": "cisco-sa-ise-multi-3VpsXOxO",
"defects": [
"CSCwp02806"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Identity Services Engine Authenticated Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20283",
"datePublished": "2025-07-16T16:16:37.827Z",
"dateReserved": "2024-10-10T19:15:13.249Z",
"dateUpdated": "2025-07-17T13:07:01.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20282 (GCVE-0-2025-20282)
Vulnerability from cvelistv5
Published
2025-06-25 16:29
Modified
2025-07-25 12:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root.
This vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.4.0 Version: 3.4 Patch 1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-26T03:55:25.749Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.4 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root.\r\n\r\nThis vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T12:26:24.545Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-unauth-rce-ZAd2GnJ6",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6"
}
],
"source": {
"advisory": "cisco-sa-ise-unauth-rce-ZAd2GnJ6",
"defects": [
"CSCwp02821"
],
"discovery": "EXTERNAL"
},
"title": "Cisco ISE API Unauthenticated Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20282",
"datePublished": "2025-06-25T16:29:12.357Z",
"dateReserved": "2024-10-10T19:15:13.248Z",
"dateUpdated": "2025-07-25T12:26:24.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20285 (GCVE-0-2025-20285)
Vulnerability from cvelistv5
Published
2025-07-16 16:16
Modified
2025-07-17 13:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-302 - Authentication Bypass by Assumed-Immutable Data
Summary
A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address.
This vulnerability is due to improper enforcement of access controls that are configured using the IP Access Restriction feature. An attacker could exploit this vulnerability by logging in to the API from an unauthorized source IP address. A successful exploit could allow the attacker to gain access to the targeted device from an IP address that should have been restricted. To exploit this vulnerability, the attacker must have valid administrative credentials.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.1.0 Version: 3.1.0 p1 Version: 3.1.0 p3 Version: 3.1.0 p2 Version: 3.2.0 Version: 3.1.0 p4 Version: 3.1.0 p5 Version: 3.2.0 p1 Version: 3.1.0 p6 Version: 3.2.0 p2 Version: 3.1.0 p7 Version: 3.3.0 Version: 3.2.0 p3 Version: 3.2.0 p4 Version: 3.1.0 p8 Version: 3.2.0 p5 Version: 3.2.0 p6 Version: 3.1.0 p9 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.2.0 p7 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.1.0 p10 Version: 3.3 Patch 5 Version: 3.3 Patch 6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20285",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T03:55:53.094512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T13:06:27.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.1.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p3"
},
{
"status": "affected",
"version": "3.1.0 p2"
},
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p1"
},
{
"status": "affected",
"version": "3.1.0 p6"
},
{
"status": "affected",
"version": "3.2.0 p2"
},
{
"status": "affected",
"version": "3.1.0 p7"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.2.0 p3"
},
{
"status": "affected",
"version": "3.2.0 p4"
},
{
"status": "affected",
"version": "3.1.0 p8"
},
{
"status": "affected",
"version": "3.2.0 p5"
},
{
"status": "affected",
"version": "3.2.0 p6"
},
{
"status": "affected",
"version": "3.1.0 p9"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.2.0 p7"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.1.0 p10"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address.\r\n\r\nThis vulnerability is due to improper enforcement of access controls that are configured using the IP Access Restriction feature. An attacker could exploit this vulnerability by logging in to the API from an unauthorized source IP address. A successful exploit could allow the attacker to gain access to the targeted device from an IP address that should have been restricted. To exploit this vulnerability, the attacker must have valid administrative credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-302",
"description": "Authentication Bypass by Assumed-Immutable Data",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-16T16:16:56.155Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-multi-3VpsXOxO",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO"
}
],
"source": {
"advisory": "cisco-sa-ise-multi-3VpsXOxO",
"defects": [
"CSCwp02811"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Identity Services Engine IP Filter Access Restriction for Admin Access Configuration Bypass Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20285",
"datePublished": "2025-07-16T16:16:56.155Z",
"dateReserved": "2024-10-10T19:15:13.249Z",
"dateUpdated": "2025-07-17T13:06:27.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20281 (GCVE-0-2025-20281)
Vulnerability from cvelistv5
Published
2025-06-25 16:11
Modified
2025-07-30 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Identity Services Engine Software |
Version: 3.3.0 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.3 Patch 5 Version: 3.3 Patch 6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20281",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-26T03:55:51.221716Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-07-28",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20281"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:36:10.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit",
"technical-description"
],
"url": "https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-28T00:00:00+00:00",
"value": "CVE-2025-20281 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "In July 2025, the Cisco PSIRT became aware of attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate these vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T12:26:24.542Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-unauth-rce-ZAd2GnJ6",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6"
}
],
"source": {
"advisory": "cisco-sa-ise-unauth-rce-ZAd2GnJ6",
"defects": [
"CSCwo99449"
],
"discovery": "EXTERNAL"
},
"title": "Cisco ISE API Unauthenticated Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20281",
"datePublished": "2025-06-25T16:11:42.285Z",
"dateReserved": "2024-10-10T19:15:13.247Z",
"dateUpdated": "2025-07-30T01:36:10.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20337 (GCVE-0-2025-20337)
Vulnerability from cvelistv5
Published
2025-07-16 16:17
Modified
2025-07-30 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Cisco | Cisco Identity Services Engine Software |
Version: 3.3.0 Version: 3.3 Patch 2 Version: 3.3 Patch 1 Version: 3.3 Patch 3 Version: 3.4.0 Version: 3.3 Patch 4 Version: 3.4 Patch 1 Version: 3.3 Patch 5 Version: 3.3 Patch 6 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20337",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-26T03:55:52.398837Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-07-28",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20337"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T01:36:09.152Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"timeline": [
{
"lang": "en",
"time": "2025-07-28T00:00:00+00:00",
"value": "CVE-2025-20337 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Identity Services Engine Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.3 Patch 2"
},
{
"status": "affected",
"version": "3.3 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 3"
},
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "3.3 Patch 4"
},
{
"status": "affected",
"version": "3.4 Patch 1"
},
{
"status": "affected",
"version": "3.3 Patch 5"
},
{
"status": "affected",
"version": "3.3 Patch 6"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco ISE Passive Identity Connector",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.2.0"
},
{
"status": "affected",
"version": "3.1.0"
},
{
"status": "affected",
"version": "3.3.0"
},
{
"status": "affected",
"version": "3.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "In July 2025, the Cisco PSIRT became aware of attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate these vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T12:26:22.077Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ise-unauth-rce-ZAd2GnJ6",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6"
}
],
"source": {
"advisory": "cisco-sa-ise-unauth-rce-ZAd2GnJ6",
"defects": [
"CSCwo99449"
],
"discovery": "EXTERNAL"
},
"title": "Cisco ISE API Unauthenticated Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20337",
"datePublished": "2025-07-16T16:17:04.664Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-07-30T01:36:09.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-07-16 17:15
Modified
2025-07-29 01:00
Severity ?
Summary
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
References
Impacted products
{
"cisaActionDue": "2025-08-18",
"cisaExploitAdd": "2025-07-28",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Cisco Identity Services Engine Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1B9C2C1-59A4-49A0-9B74-83CCB063E55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "E6C94CC4-CC08-4DAF-A606-FDAFC92720A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "FF8B81A6-BF44-4E5F-B167-39F61DDCA026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "56E0F0EC-3E66-4866-89F5-89B331F3F517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "2E3E8937-2859-4A2A-91C0-05F674EF0466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D23905E0-E525-49B1-8E5F-4EB42D186768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "74509498-38EF-4345-9583-CEF5C26CA1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3CA3315D-8A45-43F4-A0F0-094D325F285B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "B3736136-9FD8-4B12-B119-EA15201224D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "654ED77E-22D3-4E76-9E6D-B1581F5982F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "A0648EE9-F042-479F-9AAB-C6B5DBC46511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "83F3BA58-4F38-41C8-956F-38A2F44EECE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "6C30FA1D-91E2-48C5-B181-A88FDF668278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "768215B1-80B7-40FF-8772-BA4C0B3913F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC0525FD-C4D7-4B48-BF35-1791391AB148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "68C96F6B-51EE-4D03-9598-CBFD16DA22EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en una API espec\u00edfica de Cisco ISE y Cisco ISE-PIC podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario en el sistema operativo subyacente como root. El atacante no necesita credenciales v\u00e1lidas para explotar esta vulnerabilidad. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la informaci\u00f3n proporcionada por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud de API manipulada. Una explotaci\u00f3n exitosa podr\u00eda permitirle obtener privilegios de root en un dispositivo afectado."
}
],
"id": "CVE-2025-20337",
"lastModified": "2025-07-29T01:00:01.253",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "psirt@cisco.com",
"type": "Primary"
}
]
},
"published": "2025-07-16T17:15:30.573",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-25 17:15
Modified
2025-06-26 20:35
Severity ?
Summary
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root.
This vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | identity_services_engine | 3.4.0 | |
| cisco | identity_services_engine | 3.4.0 | |
| cisco | identity_services_engine_passive_identity_connector | 3.4.0 | |
| cisco | identity_services_engine_passive_identity_connector | 3.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D23905E0-E525-49B1-8E5F-4EB42D186768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "74509498-38EF-4345-9583-CEF5C26CA1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC0525FD-C4D7-4B48-BF35-1791391AB148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "68C96F6B-51EE-4D03-9598-CBFD16DA22EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root.\r\n\r\nThis vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en una API interna de Cisco ISE y Cisco ISE-PIC podr\u00eda permitir que un atacante remoto no autenticado cargue archivos arbitrarios en un dispositivo afectado y los ejecute en el sistema operativo subyacente como root. Esta vulnerabilidad se debe a la falta de comprobaciones de validaci\u00f3n de archivos que impedir\u00edan que los archivos cargados se colocaran en directorios privilegiados en un sistema afectado. Un atacante podr\u00eda explotar esta vulnerabilidad subiendo un archivo manipulado al dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitirle almacenar archivos maliciosos en el sistema afectado y luego ejecutar c\u00f3digo arbitrario u obtener privilegios de root."
}
],
"id": "CVE-2025-20282",
"lastModified": "2025-06-26T20:35:33.577",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "psirt@cisco.com",
"type": "Primary"
}
]
},
"published": "2025-06-25T17:15:37.490",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-16 17:15
Modified
2025-07-22 14:16
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N
Summary
A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address.
This vulnerability is due to improper enforcement of access controls that are configured using the IP Access Restriction feature. An attacker could exploit this vulnerability by logging in to the API from an unauthorized source IP address. A successful exploit could allow the attacker to gain access to the targeted device from an IP address that should have been restricted. To exploit this vulnerability, the attacker must have valid administrative credentials.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "804C2F93-8ADC-454A-90DF-59F51FEF9E0A",
"versionEndExcluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1B9C2C1-59A4-49A0-9B74-83CCB063E55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "E6C94CC4-CC08-4DAF-A606-FDAFC92720A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "FF8B81A6-BF44-4E5F-B167-39F61DDCA026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "56E0F0EC-3E66-4866-89F5-89B331F3F517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "2E3E8937-2859-4A2A-91C0-05F674EF0466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D23905E0-E525-49B1-8E5F-4EB42D186768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "74509498-38EF-4345-9583-CEF5C26CA1D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F4D769-1845-41F0-8F15-B5D8AC15DFD9",
"versionEndExcluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3CA3315D-8A45-43F4-A0F0-094D325F285B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "B3736136-9FD8-4B12-B119-EA15201224D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "654ED77E-22D3-4E76-9E6D-B1581F5982F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "A0648EE9-F042-479F-9AAB-C6B5DBC46511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "83F3BA58-4F38-41C8-956F-38A2F44EECE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "6C30FA1D-91E2-48C5-B181-A88FDF668278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "768215B1-80B7-40FF-8772-BA4C0B3913F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC0525FD-C4D7-4B48-BF35-1791391AB148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "68C96F6B-51EE-4D03-9598-CBFD16DA22EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address.\r\n\r\nThis vulnerability is due to improper enforcement of access controls that are configured using the IP Access Restriction feature. An attacker could exploit this vulnerability by logging in to the API from an unauthorized source IP address. A successful exploit could allow the attacker to gain access to the targeted device from an IP address that should have been restricted. To exploit this vulnerability, the attacker must have valid administrative credentials."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la funci\u00f3n de Restricci\u00f3n de Acceso IP de Cisco ISE y Cisco ISE-PIC podr\u00eda permitir que un atacante remoto autenticado eluda las restricciones de acceso IP configuradas e inicie sesi\u00f3n en el dispositivo desde una direcci\u00f3n IP no permitida. Esta vulnerabilidad se debe a la aplicaci\u00f3n incorrecta de los controles de acceso configurados mediante la funci\u00f3n de Restricci\u00f3n de Acceso IP. Un atacante podr\u00eda explotar esta vulnerabilidad iniciando sesi\u00f3n en la API desde una direcci\u00f3n IP de origen no autorizada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder al dispositivo objetivo desde una direcci\u00f3n IP que deber\u00eda estar restringida. Para explotar esta vulnerabilidad, el atacante debe tener credenciales administrativas v\u00e1lidas."
}
],
"id": "CVE-2025-20285",
"lastModified": "2025-07-22T14:16:29.723",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-16T17:15:30.197",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-302"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-25 16:15
Modified
2025-07-30 19:24
Severity ?
Summary
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
References
Impacted products
{
"cisaActionDue": "2025-08-18",
"cisaExploitAdd": "2025-07-28",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Cisco Identity Services Engine Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1B9C2C1-59A4-49A0-9B74-83CCB063E55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "E6C94CC4-CC08-4DAF-A606-FDAFC92720A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "FF8B81A6-BF44-4E5F-B167-39F61DDCA026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "56E0F0EC-3E66-4866-89F5-89B331F3F517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "2E3E8937-2859-4A2A-91C0-05F674EF0466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D23905E0-E525-49B1-8E5F-4EB42D186768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "74509498-38EF-4345-9583-CEF5C26CA1D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3CA3315D-8A45-43F4-A0F0-094D325F285B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "B3736136-9FD8-4B12-B119-EA15201224D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "654ED77E-22D3-4E76-9E6D-B1581F5982F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "A0648EE9-F042-479F-9AAB-C6B5DBC46511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "83F3BA58-4F38-41C8-956F-38A2F44EECE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "6C30FA1D-91E2-48C5-B181-A88FDF668278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "768215B1-80B7-40FF-8772-BA4C0B3913F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC0525FD-C4D7-4B48-BF35-1791391AB148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "68C96F6B-51EE-4D03-9598-CBFD16DA22EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en una API espec\u00edfica de Cisco ISE y Cisco ISE-PIC podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo arbitrario en el sistema operativo subyacente como root. El atacante no necesita credenciales v\u00e1lidas para explotar esta vulnerabilidad. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la informaci\u00f3n proporcionada por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud de API manipulada. Una explotaci\u00f3n exitosa podr\u00eda permitirle obtener privilegios de root en un dispositivo afectado."
}
],
"id": "CVE-2025-20281",
"lastModified": "2025-07-30T19:24:26.480",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2025-06-25T16:15:26.017",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-16 17:15
Modified
2025-07-22 14:19
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root.
This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "804C2F93-8ADC-454A-90DF-59F51FEF9E0A",
"versionEndExcluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1B9C2C1-59A4-49A0-9B74-83CCB063E55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "E6C94CC4-CC08-4DAF-A606-FDAFC92720A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "FF8B81A6-BF44-4E5F-B167-39F61DDCA026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "56E0F0EC-3E66-4866-89F5-89B331F3F517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "2E3E8937-2859-4A2A-91C0-05F674EF0466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D23905E0-E525-49B1-8E5F-4EB42D186768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "74509498-38EF-4345-9583-CEF5C26CA1D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F4D769-1845-41F0-8F15-B5D8AC15DFD9",
"versionEndExcluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3CA3315D-8A45-43F4-A0F0-094D325F285B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "B3736136-9FD8-4B12-B119-EA15201224D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "654ED77E-22D3-4E76-9E6D-B1581F5982F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "A0648EE9-F042-479F-9AAB-C6B5DBC46511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "83F3BA58-4F38-41C8-956F-38A2F44EECE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "6C30FA1D-91E2-48C5-B181-A88FDF668278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "768215B1-80B7-40FF-8772-BA4C0B3913F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC0525FD-C4D7-4B48-BF35-1791391AB148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "68C96F6B-51EE-4D03-9598-CBFD16DA22EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials."
},
{
"lang": "es",
"value": "Una vulnerabilidad en una API espec\u00edfica de Cisco ISE y Cisco ISE-PIC podr\u00eda permitir que un atacante remoto autenticado ejecute c\u00f3digo arbitrario en el sistema operativo subyacente como usuario root. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante con credenciales v\u00e1lidas podr\u00eda explotar esta vulnerabilidad enviando una solicitud de API manipulada. Una explotaci\u00f3n exitosa podr\u00eda permitirle ejecutar comandos como usuario root. Para explotar esta vulnerabilidad, el atacante debe tener credenciales v\u00e1lidas con privilegios altos."
}
],
"id": "CVE-2025-20283",
"lastModified": "2025-07-22T14:19:31.077",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-16T17:15:29.720",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-06-04 17:15
Modified
2025-07-22 15:47
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device.
This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3283F4AC-CAD8-49B7-956E-05B1C1672A42",
"versionEndExcluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7A789B44-7E6C-4FE9-BD40-702A871AB8AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "93920663-445E-4456-A905-81CEC6CA1833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "33DA5BB8-4CFE-44BD-9CEB-BC26577E8477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "D3AEFA85-66B5-4145-A4AD-96D1FF86B46D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "7A6A0697-6A9E-48EF-82D8-36C75E0CDFDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "E939B65A-7912-4C36-8799-03A1526D7BD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "833B438F-0869-4C0D-9952-750C00702E8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch7:*:*:*:*:*:*",
"matchCriteriaId": "E8B2588D-01F9-450B-B2E3-ADC4125E354E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch8:*:*:*:*:*:*",
"matchCriteriaId": "E41016C0-19E6-4BCC-A8DD-F6C9A2B0003E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1.0:patch9:*:*:*:*:*:*",
"matchCriteriaId": "654E946A-07C5-4036-BC54-85EF42B808DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7932D5D5-83E1-4BEF-845A-D0783D4BB750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "1B818846-4A6E-4256-B344-281E8C786C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "A44858A2-922A-425A-8B38-0C47DB911A3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "53484A32-757B-42F8-B655-554C34222060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "0CCAC61F-C273-49B3-A631-31D3AE3EB148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "51AEFCE6-FB4A-4B1C-A23D-83CC3CF3FBBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "B452B4F0-8510-475E-9AE8-B48FABB4D7D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1B9C2C1-59A4-49A0-9B74-83CCB063E55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "E6C94CC4-CC08-4DAF-A606-FDAFC92720A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8FD39E-819E-48CB-AD6C-2F9F6AEF600E",
"versionEndExcluding": "3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "006E0D77-534C-447F-8E97-EC0AB906D978",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "AC07A742-D194-425C-945C-3977E96B61B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "97787372-9A0D-4916-A7A2-19237B84419F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "2E2D9D7C-A36E-489D-A2E1-ACE9E9C399BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "3ABA57DA-78C9-489B-88E5-6E5275E53388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "2ABFB0CE-60CF-4969-A91E-186F457C8014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "B8CF7EF0-FBAA-47C7-8386-F67264CA8D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch7:*:*:*:*:*:*",
"matchCriteriaId": "5F08ACD7-2867-428A-966C-6509283FCA10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch8:*:*:*:*:*:*",
"matchCriteriaId": "B365970F-9239-45F8-80C6-DA426FCA2E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.1.0:patch9:*:*:*:*:*:*",
"matchCriteriaId": "5A66142F-712F-4EFA-9FC4-E499D3015DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "50D8B7DD-14A8-4C67-8B32-E1F9C7D9C01E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "CB65DFF8-33D8-4840-8A63-7C4797FF0B51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "890FDA62-DED9-401B-9D44-26F3624118CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "604079BA-78F5-4D20-AF27-E7A9A899DA0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "25344C6F-8EB6-4709-A51B-DCA26AA885E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "51DE5AD0-5DFA-460D-B22D-0F5E367A9A28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.2.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "683F2E87-9759-4A98-B7C9-489E74837D59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3CA3315D-8A45-43F4-A0F0-094D325F285B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "B3736136-9FD8-4B12-B119-EA15201224D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "654ED77E-22D3-4E76-9E6D-B1581F5982F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device.\r\n\r\nThis vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la API de Cisco Identity Services Engine (ISE) y Cisco ISE Passive Identity Connector (ISE-PIC) podr\u00eda permitir que un atacante remoto autenticado con privilegios administrativos cargue archivos a un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de la funci\u00f3n de copia de archivos. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud de carga de archivos manipulada a un endpoint API espec\u00edfico. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante cargar archivos arbitrarios a un sistema afectado."
}
],
"id": "CVE-2025-20130",
"lastModified": "2025-07-22T15:47:40.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-06-04T17:15:25.833",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-P4M8vwXY"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-16 17:15
Modified
2025-07-22 14:19
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root.
This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "804C2F93-8ADC-454A-90DF-59F51FEF9E0A",
"versionEndExcluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F1B9C2C1-59A4-49A0-9B74-83CCB063E55D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "E6C94CC4-CC08-4DAF-A606-FDAFC92720A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "FF8B81A6-BF44-4E5F-B167-39F61DDCA026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "56E0F0EC-3E66-4866-89F5-89B331F3F517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "2E3E8937-2859-4A2A-91C0-05F674EF0466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D23905E0-E525-49B1-8E5F-4EB42D186768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "74509498-38EF-4345-9583-CEF5C26CA1D8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F4D769-1845-41F0-8F15-B5D8AC15DFD9",
"versionEndExcluding": "3.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3CA3315D-8A45-43F4-A0F0-094D325F285B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "B3736136-9FD8-4B12-B119-EA15201224D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*",
"matchCriteriaId": "654ED77E-22D3-4E76-9E6D-B1581F5982F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*",
"matchCriteriaId": "A0648EE9-F042-479F-9AAB-C6B5DBC46511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*",
"matchCriteriaId": "83F3BA58-4F38-41C8-956F-38A2F44EECE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*",
"matchCriteriaId": "6C30FA1D-91E2-48C5-B181-A88FDF668278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:*",
"matchCriteriaId": "768215B1-80B7-40FF-8772-BA4C0B3913F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "CC0525FD-C4D7-4B48-BF35-1791391AB148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*",
"matchCriteriaId": "68C96F6B-51EE-4D03-9598-CBFD16DA22EF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials."
},
{
"lang": "es",
"value": "Una vulnerabilidad en una API espec\u00edfica de Cisco ISE y Cisco ISE-PIC podr\u00eda permitir que un atacante remoto autenticado ejecute c\u00f3digo arbitrario en el sistema operativo subyacente como usuario root. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante con credenciales v\u00e1lidas podr\u00eda explotar esta vulnerabilidad enviando una solicitud de API manipulada. Una explotaci\u00f3n exitosa podr\u00eda permitirle ejecutar comandos como usuario root. Para explotar esta vulnerabilidad, el atacante debe tener credenciales v\u00e1lidas con privilegios altos."
}
],
"id": "CVE-2025-20284",
"lastModified": "2025-07-22T14:19:49.083",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-07-16T17:15:30.010",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-74"
}
],
"source": "psirt@cisco.com",
"type": "Primary"
}
]
}