CVE-2025-20281

CVE Database · CVE-2025-20281

CVE-2025-20281

· CRITICALAnalyzed

CVSS v3.1

10.0

EPSS

96.73%

Published

Jun 25, 2025

Modified

Oct 28, 2025

CISA Known Exploited Vulnerability

Added: 2025-07-28 · Due: 2025-08-18

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (5)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCabrewer251/CVE-2025-20281-2-Cisco-ISE-RCE★20 GitHub PoCgrupooruss/CVE-2025-20281-Cisco★6 GitHub PoCill-deed/Cisco-CVE-2025-20281-illdeed★5

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-74

Affected Products (18)

cisco · identity_services_enginevulnerable

cisco · identity_services_engine_passive_identity_connector

References (3)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20281

US Government Resource

https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs