CVE-2025-20281

Published Jun 25, 2025

Last updated 19 days ago

Exploit knownCVSS critical 10.0
Cisco ISE
Cisco ISE-PIC

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-20281 is a vulnerability in a specific API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). It allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker doesn't need any valid credentials to exploit this vulnerability. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit it by submitting a crafted API request. Cisco has released software updates to address this vulnerability, and there are no known workarounds. This affects Cisco ISE and ISE-PIC releases 3.3 and later, but not 3.2 or earlier.

Description
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Source
psirt@cisco.com
NVD status
Analyzed
Products
identity_services_engine, identity_services_engine_passive_identity_connector

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Cisco Identity Services Engine Injection Vulnerability
Exploit added on
Jul 28, 2025
Exploit action due
Aug 18, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@cisco.com
CWE-74

Social media

Hype score
Not currently trending
  1. 🚨 New Templates Bounty Issue 💰 CVE-2025-20281 - Cisco ISE - Remote Code Execution 💰 👾 Issue: https://t.co/jFkDZDUSKV #bugbounty #NucleiTemplates #cve #opensource

    @pdnuclei

    10 Aug 2025

    2059 Impressions

    2 Retweets

    22 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 #CVE-2025-20281: Exploiting #Cisco ISE API for Unauthenticated Remote Code Execution https://t.co/qqAiWFS6G9 Educational Purposes!

    @UndercodeUpdate

    1 Aug 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. برای Cisco Identity Services Engine یا همان ISE ، آسیب پذیری جدیدی با کد شناسایی CVE-2025-20281 که از نوع RCE می باشد ، منتشر شده است. اکسپلویت این آسیب پذیری نیز منتشر شده و به دلی

    @AmirHossein_sec

    31 Jul 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CISA Alerts: Act Now on Critical Cisco Vulnerabilities https://t.co/zE2OUeUqtM #CisaAlert #CiscoIseSecurity #CiscoVulnerabilities #cve-2025-20281

    @wizconsults

    30 Jul 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-20281 RCE Cisco Identity Services Engine about https://t.co/RPC7VumPjS https://t.co/qRMwUMTSsJ

    @rotito1

    30 Jul 2025

    88 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). https://t.co/NNevvxsByG

    @blackwired32799

    29 Jul 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Exploit available for critical Cisco ISE bug exploited in attacks Security researcher Bobby Gould published a detailed exploit chain for CVE-2025-20281, a critical unauthenticated remote code execution flaw in Cisco ISE versions 3.3 and 3.4. The vulnerability allows attackers to

    @dCypherIO

    29 Jul 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 CISA Alert: Cisco ISE Vulnerabilities Exploited CVE-2025-20281 & CVE-2025-20337 allow remote root access — now in CISA’s KEV catalog. 🔗https://t.co/PsKMXGHOpn #CiscoISE #CVE202520281 #CyberSecurity #CISA #RCE #MSP #ZeroTrust #KEV #T https://t.co/mg6hjpk85b

    @VaultEdgeIT

    29 Jul 2025

    79 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Security researcher Bobby Gould has revealed a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE), raising serious security concerns. #Cisco #CyberSecurity https://t.co/ErI0ZU0f4t

    @Cyber_O51NT

    29 Jul 2025

    811 Impressions

    4 Retweets

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  10. Cisco ISEの脆弱性CVE-2025-20281に対応するPoC(攻撃の概念実証コード)が公表された。 https://t.co/H1RJC2P3Cs

    @__kokumoto

    29 Jul 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🔍 Vulnerabilidades en API de Cisco ISE y Cisco ISE-PIC (CVE-2025-20281 / CVE-2025-20337), podría permitir que un atacante remoto no autenticado ejecute código arbitrario en el sistema operativo subyacente como root. CVSS 10.0CRITICAL Vendor - Cisco https://t.co/Em8SOQwRrH h

    @ciberseguridadx

    29 Jul 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Cisco ISEの脆弱性CVE-2025-20281とCVE-2025-20337の概要と対策 https://t.co/lbpfC7QUfe #Security #セキュリティ #ニュース

    @SecureShield_

    29 Jul 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. #exploit 1⃣. CVE-2025-20281: Cisco ISE API Unauthenticated RCE - https://t.co/bpaj1sWXKa 2⃣. CVE-2025-29017: Internet Banking System 2.0 RCE via Profile Picture Upload - https://t.co/4SzolqXLza 3⃣. CVE-2025-22230, CVE-2025-22247: The Guest Who Could - Exploiting LPE in VMW

    @ksg93rd

    28 Jul 2025

    326 Impressions

    1 Retweet

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  14. 🔐 CISA alerte : failles Cisco ISE (CVE-2025-20281, CVE-2025-20337) exploitées activement. Accès root non authentifié possible. Patch d’urgence requis avant le 18/08 ! #CyberSecurite #Cisco https://t.co/pyDcIIao5H

    @inidreamtheater

    28 Jul 2025

    68 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-20281 #Cisco Identity Services Engine Injection Vulnerability https://t.co/BQh6HJQvwa

    @ScyScan

    28 Jul 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 Update: CISA just added CVE-2025-20281 and CVE-2025-20337 to its Known Exploited Vulnerabilities list. These Cisco ISE flaws allow remote, unauthenticated attackers to gain root access — and they're already being exploited. Feds must patch by Aug 18. Everyone else: don

    @TheHackersNews

    28 Jul 2025

    9735 Impressions

    33 Retweets

    58 Likes

    8 Bookmarks

    0 Replies

    1 Quote

  17. 🛡️ We added PaperCut and Cisco vulnerabilities CVE-2023-2533, CVE-2025-20281, & CVE-2025-20337 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.c

    @CISACyber

    28 Jul 2025

    400 Impressions

    1 Retweet

    5 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  18. CVE-2025-20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability https://t.co/xMExQvqXRo On January 25th, 2025, the Trend Zero Day Initiative (ZDI) received a report from Kentaro Kawane of GMO Cybersecurity by Ierae regarding a deserialization of untrusted dat

    @f1tym1

    25 Jul 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CVE-2025-20281: Cisco ISE API Unauthenticated Remote Code Execution Vulnerability: Trend ZDI analyst @bobbygould5 details this bug and another that may be a dupe. He also shows how it can be exploited. https://t.co/qZ2uBpq8yO

    @thezdi

    25 Jul 2025

    10990 Impressions

    38 Retweets

    101 Likes

    25 Bookmarks

    2 Replies

    1 Quote

  20. 🚨 New Templates Bounty Issue 💰 CVE-2025-20281 - Cisco ISE - Remote Code Execution 💰 👾 Issue: https://t.co/jFkDZDUSKV #bugbounty #NucleiTemplates #cve #opensource

    @pdnuclei

    25 Jul 2025

    1974 Impressions

    11 Retweets

    40 Likes

    17 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨 CVE-2025-20281: Critical Unauthenticated RCE in Cisco ISE & ISE-PIC This vulnerability allows attackers to send crafted API requests and execute arbitrary commands as root, with no login required. ⚠️ No PoCs are public. Not yet in the KEV. But #NodeZero can find yo

    @Horizon3ai

    24 Jul 2025

    242 Impressions

    8 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    1 Quote

  22. Cisco Maximum-severity ISE RCE flaws now exploited in attacks (CVE-2025-20281 and CVE-2025-20282) and July 16, 2025 (CVE-2025-20337). https://t.co/1Jv8OoJGMB

    @freedomhack101

    24 Jul 2025

    56 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 🚨 Alerta de cibersegurança - CISCO ISE! Hackers estão explorando três falhas críticas no Cisco ISE e ISE-PIC, permitindo execução remota de código como root, sem autenticação. 😱 🔍 Vulnerabilidades: • CVE-2025-20281 • CVE-2025-20282 • CVE-2025-20337 💣

    @brainworkblog

    24 Jul 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Cisco confirms active exploitation of ISE and ISE-PIC flaws Cisco has confirmed active exploitation of critical vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), tracked as CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337, first ht

    @dCypherIO

    23 Jul 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Security Alert: Cisco confirms active exploits targeting ISE flaws (CVE-2025-20281, CVE-2025-20337, CVE-2025-20282) enabling unauthenticated root access, reported July 22, 2025. Threat: Attackers can execute arbitrary code via crafted API requests or file uploads, risking https:

    @tony3266

    22 Jul 2025

    122 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. CVE-2025-20281:A vulnerability in a specific API of Cisco ISE could allow an unauthenticated,remote attacker to execute arbitrary code on the underlying operating system as root.This vulnerability is due to insufficient validation of user-supplied input. https://t.co/nOZ0xrVoMd

    @ZeroDayFacts

    21 Jul 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code. Tracked as CVE-2025-20337, the shortcoming carries a CVSS score of 10.0 and is similar to CVE-2025-20281 which was patched late last month. https://t.co/NxjiTKGa8e https://t.co/b022XffXRI

    @riskigy

    19 Jul 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. ⚠️Vulnerabilidades en Cisco Identity Services Engine ❗CVE-2025-20337 ❗CVE-2025-20281 ❗CVE-2025-20282 ➡️Más info: https://t.co/2wTTfVhZGX https://t.co/yDYSZz4Zh6

    @CERTpy

    18 Jul 2025

    100 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. [ZDI-25-609|CVE-2025-20281] Cisco Identity Services Engine invokeStrongSwanShellScript Command Injection Remote Code Execution Vulnerability (CVSS 9.8; Credit: Bobby Gould (@bobbygould5) of Trend Zero Day Initiative) https://t.co/6ejoxC3GWT

    @TheZDIBugs

    17 Jul 2025

    3904 Impressions

    9 Retweets

    17 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  30. ثغرات خطيرة في Cisco ISE تتيح تنفيذ أوامر بامتيازات Root عن بُعد بدون مصادقة - CVE-2025-20281 - CVE-2025-20282 - CVE-2025-20337 - درجة الخطورة 10/10 - التحديث الفوري لإصدارات 3.3 و3.4 ضروري

    @cyberscastx

    17 Jul 2025

    12218 Impressions

    8 Retweets

    98 Likes

    92 Bookmarks

    5 Replies

    0 Quotes

  31. CVE-2025-20281 no Cisco ISE permitia RCE sem autenticação via requisição API forjada, aproveitando falta de validação em parâmetros JSON. Enviar payload malicioso resultava em execução de comandos com privilégios de root.

    @hashtagsec

    11 Jul 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Actively exploited CVE : CVE-2025-20281

    @transilienceai

    5 Jul 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  33. Cisco ISE & ISE-PIC bajo fuego: CVE-2025-20281 & CVE-2025-20282 (CVSS 10.0) permiten RCE como root sin autenticación. Parchéalos YA. 😉 #CVE2025 #CiscoISE #BugBounty https://t.co/yfgdMO4zn4

    @gorkaelbochi

    1 Jul 2025

    19 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  34. 🚨 Critical vulnerabilities exist in Cisco Identity Services Engine Software (CVE-2025-20281, CVE-2025-20282). Please check out the @ncsc_gov_ie advisory for more info: https://t.co/AeqLH3lhdu

    @ncsc_gov_ie

    1 Jul 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. CVE-2025-20281 & CVE-2025-20282: Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC • CVSS: 10 @CISAgov @NSACyber It's collective responsibility to ensure #infrastructure is protected.. @Cisco https://t.co/XqZLiUMej7

    @Ke_Cyber

    30 Jun 2025

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. 🚨CVE-2025-20281 & CVE-2025-20282: Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC • CVSS: 10 • ZoomEye Dork: app="Cisco ISE" • Results: 1,937 • Advisory: https://t.co/3VHBjipCWi • PoC: https://t.co/qrnFDD6FYe • ZoomEye Search: https://t.co/GzmeO

    @DarkWebInformer

    30 Jun 2025

    21462 Impressions

    53 Retweets

    185 Likes

    109 Bookmarks

    1 Reply

    2 Quotes

  37. 😤😵Jamais déçu avec les produits de sécurité Cisco en matière de failles #BugDoor #WhatElse 2 RCE sans authentication nécessaire😱: • CVE-2025-20281 sur Cisco ISE & Cisco ISE-PIC v3.3.x & sup. (CVSS 9,8/10) • CVE-2025-20282 sur Cisco ISE et Cisco ISE-PIC

    @FabianRODES

    30 Jun 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  38. CVE-2025-20281 (CVSS:9.8, CRITICAL) is Analyzed. A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to exec..https://t.co/hkthB23DAo #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    30 Jun 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. Cisco warns of two critical flaws (CVE-2025-20281, CVE-2025-20282, CVSS 10.0) in ISE and ISE-PIC allowing unauthenticated remote root code execution. Apply patches immediately. #CiscoISE #Cybersecurity #RCE #Vulnerability #PatchNow https://t.co/whpwExNLjP

    @the_yellow_fall

    29 Jun 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. Warning: Two Critical Remote Code Execution vulnerabilities in @Cisco #ISE—CVE-2025-20281 (CVSS 9.8) and CVE-2025-20282 (CVSS 10)! These 0Days allow remote code execution as root and arbitrary file uploads. Immediate action required! #RCE #Patch https://t.co/RGvbHaYZhJ

    @CCBalert

    27 Jun 2025

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. ⚠️Vulnerabilidades de Cisco ISE ❗CVE-2025-20282 ❗CVE-2025-20281 ➡️Más info: https://t.co/1qn7wszrOp https://t.co/ekoophUxLu

    @CERTpy

    27 Jun 2025

    131 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. ⚠️⚠️ CVE-2025-20281 and CVE-2025-20282(CVSS 10.0) Two Critical RCE Flaws Allow Unauthenticated Root Access 🎯742 Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/sepwYVyBPu FOFA Query:app="CISCO-ISE" 🔖Refer:https://t.co/JVFLzIFb

    @fofabot

    27 Jun 2025

    1514 Impressions

    7 Retweets

    22 Likes

    2 Bookmarks

    2 Replies

    0 Quotes

  43. 🚨Alert🚨CVE-2025-20281 & CVE-2025-20282 :Unauthenticated Remote Code Execution Vulnerabilities affecting Cisco ISE and ISE-PIC. 📊1K+Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/dGTzo2tgAp 👇Query HUNTER : https://t.co/q9rtuG

    @HunterMapping

    27 Jun 2025

    4442 Impressions

    24 Retweets

    91 Likes

    27 Bookmarks

    2 Replies

    0 Quotes

  44. Cisco warns of two critical flaws (CVE-2025-20281, CVE-2025-20282, CVSS 10.0) in ISE and ISE-PIC allowing unauthenticated remote root code execution. Apply patches immediately. #CiscoISE #Cybersecurity #RCE #Vulnerability #PatchNow https://t.co/CtXiW4Zxns

    @the_yellow_fall

    27 Jun 2025

    861 Impressions

    7 Retweets

    9 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  45. ⚠️ Critical Cisco ISE Alert! Two unauthenticated RCE flaws (CVE-2025-20281, CVSS 9.8; CVE-2025-20282, CVSS 10.0) threaten ISE 3.3 & 3.4. Attackers can gain root access. Patch now to protect your network! 🛡️ #Cisco #CyberThreat. https://t.co/qBXf2ItnJY

    @CyberWolfGuard

    26 Jun 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Cisco issues urgent patches for critical RCE flaws in ISE and ISE-PIC (CVE-2025-20281 & CVE-2025-20282). Unauthenticated attackers could gain root access via input/file validation issues. Stay secure! 🚨 #Cisco #SecurityUpdate #USA https://t.co/UiK9mmn1oi

    @TweetThreatNews

    26 Jun 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. 🚨Critical Cisco ISE Vulnerabilities, CVE-2025-20281 & CVE-2025-20282 Two unauthenticated RCE flaws have been disclosed in Cisco ISE and ISE-PIC, allowing remote attackers to execute commands as root without credentials. CVE-2025-20281 • Affects: ISE 3.3 & 3.4 •

    @DarkWebInformer

    26 Jun 2025

    6368 Impressions

    25 Retweets

    75 Likes

    24 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨Upozorňujeme na dvě zranitelnost v Cisco Identity Service Engine: CVE-2025-20281: Neautentizovaný vzdálený útočník může v Cisco ISE kvůli nedostatečné validaci vstupů ve veřejné API pomocí speciálně vytvořených API požadavků spustit libovolný kód. CV

    @GOVCERT_CZ

    26 Jun 2025

    811 Impressions

    5 Retweets

    4 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  49. CVE-2025-20281 & CVE-2025-20282: Cisco ISE Bugs With 10/10 Severity #CiscoISE #CyberSecurity #CVE202520281 #CVE202520282 #RemoteCodeExecution #PatchNow #NetworkSecurity #InfoSec #VulnerabilityAlert #ZeroDay https://t.co/IwkA0VvQAG

    @cyashadotcom

    26 Jun 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. シスコ社がCisco ISE及びISE-PICにおけるCVSSスコア10の脆弱性2件を修正。CVE-2025-20281は脆弱なAPIによるroot権限での遠隔コード実行。CVE-2025-20282は未認証の攻撃者が内部API経由でファイルをアップロードしてrootとし

    @__kokumoto

    26 Jun 2025

    2278 Impressions

    10 Retweets

    23 Likes

    5 Bookmarks

    0 Replies

    1 Quote

Configurations