CVE-2025-20283

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root.

This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials.

Published: Jul 16, 2025
Updated: Jul 23, 2025
CVE: CVE-2025-20283
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-74

Affected Software
References

Software	From	Fixed in
cisco / identity_services_engine	3.4.0	3.4.0.x
cisco / identity_services_engine	3.3.0	3.3.0.x
cisco / identity_services_engine	3.3.0-patch1	3.3.0-patch1.x
cisco / identity_services_engine	3.3.0-patch2	3.3.0-patch2.x
cisco / identity_services_engine	3.3.0-patch3	3.3.0-patch3.x
cisco / identity_services_engine	3.3.0-patch4	3.3.0-patch4.x
cisco / identity_services_engine	3.3.0-patch5	3.3.0-patch5.x
cisco / identity_services_engine	3.3.0-patch6	3.3.0-patch6.x
cisco / identity_services_engine	3.4.0-patch1	3.4.0-patch1.x
cisco / identity_services_engine	-	3.3.0
cisco / identity_services_engine_passive_identity_connector	3.3.0	3.3.0.x
cisco / identity_services_engine_passive_identity_connector	3.3.0-patch1	3.3.0-patch1.x
cisco / identity_services_engine_passive_identity_connector	3.3.0-patch2	3.3.0-patch2.x
cisco / identity_services_engine_passive_identity_connector	3.3.0-patch3	3.3.0-patch3.x
cisco / identity_services_engine_passive_identity_connector	3.3.0-patch4	3.3.0-patch4.x
cisco / identity_services_engine_passive_identity_connector	3.3.0-patch5	3.3.0-patch5.x
cisco / identity_services_engine_passive_identity_connector	-	3.3.0
cisco / identity_services_engine_passive_identity_connector	3.3.0-patch6	3.3.0-patch6.x
cisco / identity_services_engine_passive_identity_connector	3.4.0	3.4.0.x
cisco / identity_services_engine_passive_identity_connector	3.4.0-patch1	3.4.0-patch1.x

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO

Vulnerability Database

CVE-2025-20283