CVE-2025-20281

critical-risk
Published 2025-06-25

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

Do I need to act?

!
28.2% chance of exploitation in next 30 days
EPSS score — higher than 72% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
10
CVSS 10.0/10 Critical
NETWORK / LOW complexity

Affected Products (18)

Affected Vendors

Cisco

References (3)

Vendor Advisory https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...
Exploit https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-un...
74
/ 100
critical-risk
Severity 33/34 · Critical
Exploitability 22/34 · High
Exposure 19/34 · Moderate