CVE-2025-20281
Published Jun 25, 2025
Last updated 20 hours ago
AI description
CVE-2025-20281 is a vulnerability in a specific API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). It allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker doesn't need any valid credentials to exploit this vulnerability. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit it by submitting a crafted API request. Cisco has released software updates to address this vulnerability, and there are no known workarounds. This affects Cisco ISE and ISE-PIC releases 3.3 and later, but not 3.2 or earlier.
- Description
- A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
- Source
- psirt@cisco.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@cisco.com
- CWE-74
- Hype score
- Not currently trending
ثغرات خطيرة في Cisco ISE تتيح تنفيذ أوامر بامتيازات Root عن بُعد بدون مصادقة - CVE-2025-20281 - CVE-2025-20282 - CVE-2025-20337 - درجة الخطورة 10/10 - التحديث الفوري لإصدارات 3.3 و3.4 ضروري
@cyberscastx
17 Jul 2025
45 Impressions
0 Retweets
0 Likes
1 Bookmark
1 Reply
0 Quotes
CVE-2025-20281 no Cisco ISE permitia RCE sem autenticação via requisição API forjada, aproveitando falta de validação em parâmetros JSON. Enviar payload malicioso resultava em execução de comandos com privilégios de root.
@hashtagsec
11 Jul 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-20281
@transilienceai
5 Jul 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Cisco ISE & ISE-PIC bajo fuego: CVE-2025-20281 & CVE-2025-20282 (CVSS 10.0) permiten RCE como root sin autenticación. Parchéalos YA. 😉 #CVE2025 #CiscoISE #BugBounty https://t.co/yfgdMO4zn4
@gorkaelbochi
1 Jul 2025
19 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical vulnerabilities exist in Cisco Identity Services Engine Software (CVE-2025-20281, CVE-2025-20282). Please check out the @ncsc_gov_ie advisory for more info: https://t.co/AeqLH3lhdu
@ncsc_gov_ie
1 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20281 & CVE-2025-20282: Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC • CVSS: 10 @CISAgov @NSACyber It's collective responsibility to ensure #infrastructure is protected.. @Cisco https://t.co/XqZLiUMej7
@Ke_Cyber
30 Jun 2025
93 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨CVE-2025-20281 & CVE-2025-20282: Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC • CVSS: 10 • ZoomEye Dork: app="Cisco ISE" • Results: 1,937 • Advisory: https://t.co/3VHBjipCWi • PoC: https://t.co/qrnFDD6FYe • ZoomEye Search: https://t.co/GzmeO
@DarkWebInformer
30 Jun 2025
21462 Impressions
53 Retweets
185 Likes
109 Bookmarks
1 Reply
2 Quotes
😤😵Jamais déçu avec les produits de sécurité Cisco en matière de failles #BugDoor #WhatElse 2 RCE sans authentication nécessaire😱: • CVE-2025-20281 sur Cisco ISE & Cisco ISE-PIC v3.3.x & sup. (CVSS 9,8/10) • CVE-2025-20282 sur Cisco ISE et Cisco ISE-PIC
@FabianRODES
30 Jun 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-20281 (CVSS:9.8, CRITICAL) is Analyzed. A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to exec..https://t.co/hkthB23DAo #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
30 Jun 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco warns of two critical flaws (CVE-2025-20281, CVE-2025-20282, CVSS 10.0) in ISE and ISE-PIC allowing unauthenticated remote root code execution. Apply patches immediately. #CiscoISE #Cybersecurity #RCE #Vulnerability #PatchNow https://t.co/whpwExNLjP
@the_yellow_fall
29 Jun 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Two Critical Remote Code Execution vulnerabilities in @Cisco #ISE—CVE-2025-20281 (CVSS 9.8) and CVE-2025-20282 (CVSS 10)! These 0Days allow remote code execution as root and arbitrary file uploads. Immediate action required! #RCE #Patch https://t.co/RGvbHaYZhJ
@CCBalert
27 Jun 2025
102 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades de Cisco ISE ❗CVE-2025-20282 ❗CVE-2025-20281 ➡️Más info: https://t.co/1qn7wszrOp https://t.co/ekoophUxLu
@CERTpy
27 Jun 2025
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-20281 and CVE-2025-20282(CVSS 10.0) Two Critical RCE Flaws Allow Unauthenticated Root Access 🎯742 Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/sepwYVyBPu FOFA Query:app="CISCO-ISE" 🔖Refer:https://t.co/JVFLzIFb
@fofabot
27 Jun 2025
1514 Impressions
7 Retweets
22 Likes
2 Bookmarks
2 Replies
0 Quotes
🚨Alert🚨CVE-2025-20281 & CVE-2025-20282 :Unauthenticated Remote Code Execution Vulnerabilities affecting Cisco ISE and ISE-PIC. 📊1K+Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/dGTzo2tgAp 👇Query HUNTER : https://t.co/q9rtuG
@HunterMapping
27 Jun 2025
4442 Impressions
24 Retweets
91 Likes
27 Bookmarks
2 Replies
0 Quotes
Cisco warns of two critical flaws (CVE-2025-20281, CVE-2025-20282, CVSS 10.0) in ISE and ISE-PIC allowing unauthenticated remote root code execution. Apply patches immediately. #CiscoISE #Cybersecurity #RCE #Vulnerability #PatchNow https://t.co/CtXiW4Zxns
@the_yellow_fall
27 Jun 2025
861 Impressions
7 Retweets
9 Likes
2 Bookmarks
0 Replies
0 Quotes
⚠️ Critical Cisco ISE Alert! Two unauthenticated RCE flaws (CVE-2025-20281, CVSS 9.8; CVE-2025-20282, CVSS 10.0) threaten ISE 3.3 & 3.4. Attackers can gain root access. Patch now to protect your network! 🛡️ #Cisco #CyberThreat. https://t.co/qBXf2ItnJY
@CyberWolfGuard
26 Jun 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco issues urgent patches for critical RCE flaws in ISE and ISE-PIC (CVE-2025-20281 & CVE-2025-20282). Unauthenticated attackers could gain root access via input/file validation issues. Stay secure! 🚨 #Cisco #SecurityUpdate #USA https://t.co/UiK9mmn1oi
@TweetThreatNews
26 Jun 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Critical Cisco ISE Vulnerabilities, CVE-2025-20281 & CVE-2025-20282 Two unauthenticated RCE flaws have been disclosed in Cisco ISE and ISE-PIC, allowing remote attackers to execute commands as root without credentials. CVE-2025-20281 • Affects: ISE 3.3 & 3.4 •
@DarkWebInformer
26 Jun 2025
6368 Impressions
25 Retweets
75 Likes
24 Bookmarks
0 Replies
0 Quotes
🚨Upozorňujeme na dvě zranitelnost v Cisco Identity Service Engine: CVE-2025-20281: Neautentizovaný vzdálený útočník může v Cisco ISE kvůli nedostatečné validaci vstupů ve veřejné API pomocí speciálně vytvořených API požadavků spustit libovolný kód. CV
@GOVCERT_CZ
26 Jun 2025
811 Impressions
5 Retweets
4 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-20281 & CVE-2025-20282: Cisco ISE Bugs With 10/10 Severity #CiscoISE #CyberSecurity #CVE202520281 #CVE202520282 #RemoteCodeExecution #PatchNow #NetworkSecurity #InfoSec #VulnerabilityAlert #ZeroDay https://t.co/IwkA0VvQAG
@cyashadotcom
26 Jun 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
シスコ社がCisco ISE及びISE-PICにおけるCVSSスコア10の脆弱性2件を修正。CVE-2025-20281は脆弱なAPIによるroot権限での遠隔コード実行。CVE-2025-20282は未認証の攻撃者が内部API経由でファイルをアップロードしてrootとし
@__kokumoto
26 Jun 2025
2278 Impressions
10 Retweets
23 Likes
5 Bookmarks
0 Replies
1 Quote
Critical Cisco ISE Vulnerabilities Allow Remote Code Execution Cisco has released patches for two critical vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), tracked as CVE-2025-20281 and CVE-2025-20282, both rated 10/10 in severity.
@dCypherIO
26 Jun 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⭕ Cisco ISE RCE Vulnerability Allows Command Execution as Root User | Read more: https://t.co/FwighL15WL 1. Two maximum-severity flaws (CVE-2025-20281 and CVE-2025-20282) allow remote root access to Cisco ISE systems. 2. Attackers can exploit these remotely without any https:/
@The_Cyber_News
26 Jun 2025
528 Impressions
2 Retweets
6 Likes
1 Bookmark
1 Reply
0 Quotes
CVE-2025-20281 A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating… https://t.co/Nenkl1xFiT
@CVEnew
25 Jun 2025
231 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-20281: CRITICAL] Critical vulnerability discovered in Cisco ISE API, enabling remote attackers to gain root access without credentials. Ensure systems are patched to prevent compromise.#cve,CVE-2025-20281,#cybersecurity https://t.co/oh3255uUye https://t.co/u8N2oyVh9B
@CveFindCom
25 Jun 2025
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1B9C2C1-59A4-49A0-9B74-83CCB063E55D"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6C94CC4-CC08-4DAF-A606-FDAFC92720A9"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF8B81A6-BF44-4E5F-B167-39F61DDCA026"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56E0F0EC-3E66-4866-89F5-89B331F3F517"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D23905E0-E525-49B1-8E5F-4EB42D186768"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74509498-38EF-4345-9583-CEF5C26CA1D8"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3CA3315D-8A45-43F4-A0F0-094D325F285B"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3736136-9FD8-4B12-B119-EA15201224D9"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "654ED77E-22D3-4E76-9E6D-B1581F5982F0"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0648EE9-F042-479F-9AAB-C6B5DBC46511"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83F3BA58-4F38-41C8-956F-38A2F44EECE4"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C30FA1D-91E2-48C5-B181-A88FDF668278"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC0525FD-C4D7-4B48-BF35-1791391AB148"
},
{
"criteria": "cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "68C96F6B-51EE-4D03-9598-CBFD16DA22EF"
}
],
"operator": "OR"
}
]
}
]