CVE-2025-20281 - Cisco Identity Services Engine
AI Vulnerability ContextA vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API r...
Overview
A source-backed snapshot of this vulnerability.
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2025-20281
- Vendor/project
- Cisco
- Product
- Identity Services Engine
- Vulnerability name
- Cisco Identity Services Engine Injection Vulnerability
- Date added
- 2025-07-28
- Due date
- 2025-08-18
- Known ransomware campaign use
- Unknown
- CVSS v3
- 10.0
Exploit context
What the vulnerability is about.
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
