Critical unauthenticated remote code execution vulnerability in Cisco ISE API that allows attackers to execute arbitrary code as root via crafted API requests. Actively exploited in the wild with CVSS 10.0 severity.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-06-25
Added to CISA KEV: 2025-07-28 33 DAYS BETWEEN CVE AND KEV
CVE-2025-20281 & CVE-2025-20282: Maximum Severity Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC.Critical Vulnerability in the SAP Internet Communication Manager Component Could Lead to Full System Takeover, Patch Available.
CVE-2025-20282: Caused by missing file validation checks, which allows a threat actor to upload files into privileged directories. A successful ...
On July 22, 2025, Cisco marked both CVE-2025-20281 and CVE-2025-20337 as actively exploited in attacks, urging admins to apply the security updates as soon as possible.
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an ...
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A ...