Remote Code Execution Vulnerability in Cisco ISE Products
CVE-2025-20281

9.8CRITICAL

Key Information:

Vendor

Cisco

Vendor
CVE Published:
25 June 2025

Badges

📈 Trended📈 Score: 3,200💰 Ransomware👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2025-20281?

CVE-2025-20281 is a critical remote code execution vulnerability found in Cisco Identity Services Engine (ISE) products, including the ISE-PIC. Cisco ISE serves as a key component in network security, enabling organizations to manage user access and enforce policy compliance across their network infrastructure. The vulnerability arises from inadequate validation of user-supplied input in a specific API, allowing an unauthenticated attacker to send crafted requests that can execute arbitrary code with root privileges on the affected system. This poses a severe risk, as successful exploitation can lead to complete control over the device, compromising sensitive data and network integrity without needing any valid credentials.

Potential impact of CVE-2025-20281

  1. Unauthorized Access to Sensitive Systems: The vulnerability allows attackers to obtain root access, enabling them to manipulate system settings, access confidential information, and install malicious software. This can lead to data breaches and significant impacts on organizational security.

  2. Network Disruption and Service Downtime: By exploiting this vulnerability, attackers can disrupt critical network services, potentially leading to extended downtime for services reliant on Cisco ISE. This can affect organizational operations and erode customer trust.

  3. Potential for System Compromise and Malware Distribution: With root access, attackers could deploy additional malware or create backdoors for future attacks. This increases the risk of larger-scale cyber incidents, including data theft or ransomware deployment, as the compromised system can be leveraged to infiltrate other connected devices and systems.

Affected Version(s)

Cisco Identity Services Engine Software 3.3.0

Cisco Identity Services Engine Software 3.3 Patch 2

Cisco Identity Services Engine Software 3.3 Patch 1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

News Articles

Critical Vulnerabilities in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC)

Cisco has released security updates addressing multiple critical vulnerabilities in their ISE and ISE-PIC. Users and administrators of affected products are…

2 weeks ago

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📈

    Vulnerability started trending

  • 💰

    Used in Ransomware

  • 🟡

    Public PoC available

  • 📰

    First article discovered by SecurityWeek

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-20281 : Remote Code Execution Vulnerability in Cisco ISE Products