Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-20125Improper Authorization in Cisco Identity Services Engine

CWE-285Improper AuthorizationCWE-862Missing AuthorizationCWE-502Deserialization of Untrusted Data6 documents6 sources
Severity
7.2HIGHNVD
CNA9.1
EPSS
2.1%
top 15.84%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Cisco Identity Services EngineCisco Identity Services Engine SoftwareCisco ISE Passive Identity Connector
Timeline
PublishedFeb 5
Latest updateAug 11

Description

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages3 packages

🔴Vulnerability Details

2
GHSA
GHSA-hrpp-92f9-h887: A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information,2025-02-05
CVEList
Cisco Identity Services Engine Insufficient Authorization Bypass Vulnerability2025-02-05

💥Exploits & PoCs

1
Exploit-DB
Cisco ISE 3.0 - Authorization Bypass2025-08-11

📋Vendor Advisories

1
Cisco
Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities2025-02-05

🕵️Threat Intelligence

1
Bleepingcomputer
Critical Cisco ISE bug can let attackers run commands as root2025-02-06
CVE-2025-20125 — Improper Authorization in Cisco | cvebase