Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-20124Deserialization of Untrusted Data in Cisco Identity Services Engine

CWE-502Deserialization of Untrusted DataCWE-285Improper Authorization6 documents6 sources
Severity
7.2HIGHNVD
CNA9.9
EPSS
8.3%
top 7.73%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Cisco Identity Services EngineCisco Identity Services Engine SoftwareCisco ISE Passive Identity Connector
Timeline
PublishedFeb 5
Latest updateAug 11

Description

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker to execute arbitrary commands on the device and elevate privileges. Note:

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

🔴Vulnerability Details

2
CVEList
Cisco Identity Services Engine Java Deserialization Vulnerability2025-02-05
GHSA
GHSA-4ch8-9r52-j78v: A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected dev2025-02-05

💥Exploits & PoCs

1
Exploit-DB
Cisco ISE 3.0 - Remote Code Execution (RCE)2025-08-11

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities2025-02-05

🕵️Threat Intelligence

1
Bleepingcomputer
Critical Cisco ISE bug can let attackers run commands as root2025-02-06
CVE-2025-20124 — Deserialization of Untrusted Data | cvebase