CVE-2025-20281

Published Jun 25, 2025

Last updated 3 days ago

CVSS critical 9.8

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-20281 is a vulnerability in a specific API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). It allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker doesn't need any valid credentials to exploit this vulnerability. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit it by submitting a crafted API request. Cisco has released software updates to address this vulnerability, and there are no known workarounds. This affects Cisco ISE and ISE-PIC releases 3.3 and later, but not 3.2 or earlier.

Description
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Source
psirt@cisco.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

psirt@cisco.com
CWE-74

Social media

Hype score
Not currently trending

  1. Cisco warns of two critical flaws (CVE-2025-20281, CVE-2025-20282, CVSS 10.0) in ISE and ISE-PIC allowing unauthenticated remote root code execution. Apply patches immediately. #CiscoISE #Cybersecurity #RCE #Vulnerability #PatchNow https://t.co/whpwExNLjP

    @the_yellow_fall

    29 Jun 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Warning: Two Critical Remote Code Execution vulnerabilities in @Cisco #ISE—CVE-2025-20281 (CVSS 9.8) and CVE-2025-20282 (CVSS 10)! These 0Days allow remote code execution as root and arbitrary file uploads. Immediate action required! #RCE #Patch https://t.co/RGvbHaYZhJ

    @CCBalert

    27 Jun 2025

    102 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ⚠️Vulnerabilidades de Cisco ISE ❗CVE-2025-20282 ❗CVE-2025-20281 ➡️Más info: https://t.co/1qn7wszrOp https://t.co/ekoophUxLu

    @CERTpy

    27 Jun 2025

    131 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️⚠️ CVE-2025-20281 and CVE-2025-20282(CVSS 10.0) Two Critical RCE Flaws Allow Unauthenticated Root Access 🎯742 Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/sepwYVyBPu FOFA Query:app="CISCO-ISE" 🔖Refer:https://t.co/JVFLzIFb

    @fofabot

    27 Jun 2025

    1514 Impressions

    7 Retweets

    22 Likes

    2 Bookmarks

    2 Replies

    0 Quotes

  5. 🚨Alert🚨CVE-2025-20281 & CVE-2025-20282 :Unauthenticated Remote Code Execution Vulnerabilities affecting Cisco ISE and ISE-PIC. 📊1K+Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/dGTzo2tgAp 👇Query HUNTER : https://t.co/q9rtuG

    @HunterMapping

    27 Jun 2025

    4442 Impressions

    24 Retweets

    91 Likes

    27 Bookmarks

    2 Replies

    0 Quotes

  6. Cisco warns of two critical flaws (CVE-2025-20281, CVE-2025-20282, CVSS 10.0) in ISE and ISE-PIC allowing unauthenticated remote root code execution. Apply patches immediately. #CiscoISE #Cybersecurity #RCE #Vulnerability #PatchNow https://t.co/CtXiW4Zxns

    @the_yellow_fall

    27 Jun 2025

    861 Impressions

    7 Retweets

    9 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  7. ⚠️ Critical Cisco ISE Alert! Two unauthenticated RCE flaws (CVE-2025-20281, CVSS 9.8; CVE-2025-20282, CVSS 10.0) threaten ISE 3.3 & 3.4. Attackers can gain root access. Patch now to protect your network! 🛡️ #Cisco #CyberThreat. https://t.co/qBXf2ItnJY

    @CyberWolfGuard

    26 Jun 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Cisco issues urgent patches for critical RCE flaws in ISE and ISE-PIC (CVE-2025-20281 & CVE-2025-20282). Unauthenticated attackers could gain root access via input/file validation issues. Stay secure! 🚨 #Cisco #SecurityUpdate #USA https://t.co/UiK9mmn1oi

    @TweetThreatNews

    26 Jun 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨Critical Cisco ISE Vulnerabilities, CVE-2025-20281 & CVE-2025-20282 Two unauthenticated RCE flaws have been disclosed in Cisco ISE and ISE-PIC, allowing remote attackers to execute commands as root without credentials. CVE-2025-20281 • Affects: ISE 3.3 & 3.4 •

    @DarkWebInformer

    26 Jun 2025

    6368 Impressions

    25 Retweets

    75 Likes

    24 Bookmarks

    0 Replies

    0 Quotes

  10. 🚨Upozorňujeme na dvě zranitelnost v Cisco Identity Service Engine: CVE-2025-20281: Neautentizovaný vzdálený útočník může v Cisco ISE kvůli nedostatečné validaci vstupů ve veřejné API pomocí speciálně vytvořených API požadavků spustit libovolný kód. CV

    @GOVCERT_CZ

    26 Jun 2025

    811 Impressions

    5 Retweets

    4 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. CVE-2025-20281 & CVE-2025-20282: Cisco ISE Bugs With 10/10 Severity #CiscoISE #CyberSecurity #CVE202520281 #CVE202520282 #RemoteCodeExecution #PatchNow #NetworkSecurity #InfoSec #VulnerabilityAlert #ZeroDay https://t.co/IwkA0VvQAG

    @cyashadotcom

    26 Jun 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. シスコ社がCisco ISE及びISE-PICにおけるCVSSスコア10の脆弱性2件を修正。CVE-2025-20281は脆弱なAPIによるroot権限での遠隔コード実行。CVE-2025-20282は未認証の攻撃者が内部API経由でファイルをアップロードしてrootとし

    @__kokumoto

    26 Jun 2025

    2278 Impressions

    10 Retweets

    23 Likes

    5 Bookmarks

    0 Replies

    1 Quote

  13. Critical Cisco ISE Vulnerabilities Allow Remote Code Execution Cisco has released patches for two critical vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), tracked as CVE-2025-20281 and CVE-2025-20282, both rated 10/10 in severity.

    @dCypherIO

    26 Jun 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. ⭕ Cisco ISE RCE Vulnerability Allows Command Execution as Root User | Read more: https://t.co/FwighL15WL 1. Two maximum-severity flaws (CVE-2025-20281 and CVE-2025-20282) allow remote root access to Cisco ISE systems. 2. Attackers can exploit these remotely without any https:/

    @The_Cyber_News

    26 Jun 2025

    528 Impressions

    2 Retweets

    6 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  15. CVE-2025-20281 A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating… https://t.co/Nenkl1xFiT

    @CVEnew

    25 Jun 2025

    231 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. [CVE-2025-20281: CRITICAL] Critical vulnerability discovered in Cisco ISE API, enabling remote attackers to gain root access without credentials. Ensure systems are patched to prevent compromise.#cve,CVE-2025-20281,#cybersecurity https://t.co/oh3255uUye https://t.co/u8N2oyVh9B

    @CveFindCom

    25 Jun 2025

    85 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.