CVE-2025-20125

HIGH EPSS 96.2%

Published Feb 5, 20251y ago · Modified Jun 17, 20261w ago

7.2 CVSS 3.1

High

Published Feb 5, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.

CVSS Details

Base Score

7.2

Exploitability

1.2

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

96.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-285

CWE-862 Missing Authorization Authorization

Affected Products 22

Vendor	Product	Version	Range
cisco	identity_services_engine	*	<3.1
cisco	identity_services_engine	3.1.0	any
cisco	identity_services_engine	3.1.0	any
cisco	identity_services_engine	3.1.0	any
cisco	identity_services_engine	3.1.0	any
cisco	identity_services_engine	3.1.0	any
cisco	identity_services_engine	3.1.0	any
cisco	identity_services_engine	3.1.0	any
cisco	identity_services_engine	3.1.0	any
cisco	identity_services_engine	3.1.0	any
cisco	identity_services_engine	3.1.0	any
cisco	identity_services_engine	3.2.0	any
cisco	identity_services_engine	3.2.0	any
cisco	identity_services_engine	3.2.0	any
cisco	identity_services_engine	3.2.0	any
cisco	identity_services_engine	3.2.0	any
cisco	identity_services_engine	3.2.0	any
cisco	identity_services_engine	3.2.0	any
cisco	identity_services_engine	3.3.0	any
cisco	identity_services_engine	3.3.0	any
cisco	identity_services_engine	3.3.0	any
cisco	identity_services_engine	3.3.0	any

References 1

sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.