CVE-2025-20281

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

CVSS

No CVSS.

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6	Vendor Advisory
https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:identity_services_engine:3.4.0:-::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:-::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5::::::
	cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1::::::
	cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6::::::
	cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6::::::

History

30 Jul 2025, 19:24

Type	Values Removed	Values Added
References	~~() https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability -~~	() https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability - Exploit, Third Party Advisory

30 Jul 2025, 02:17

Type	Values Removed	Values Added
References		() https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability -
CVSS	v2 : ~~unknown~~ v3 : ~~10.0~~	v2 : unknown v3 : unknown

29 Jul 2025, 15:08

Type	Values Removed	Values Added
CPE		cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6::::::

16 Jul 2025, 17:15

Type	Values Removed	Values Added
CWE	~~CWE-74~~
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 10.0

26 Jun 2025, 20:35

Type	Values Removed	Values Added
First Time		Cisco identity Services Engine Cisco identity Services Engine Passive Identity Connector Cisco
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 - Vendor Advisory
CPE		cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:::::: cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:::::: cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:::::: cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:::::: cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-::::::

25 Jun 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-25 16:15

Updated : 2025-07-30 19:24

NVD link : CVE-2025-20281

Mitre link : CVE-2025-20281

JSON object : View

Products Affected

cisco

identity_services_engine
identity_services_engine_passive_identity_connector

CWE

No CWE.

JSON object

Attach tags to CVE-2025-20281

Attach tags to `CVE-2025-20281`