CVE-2025-20282 | A vulnerability in an internal API of Cisco ISE and Cisco IS… | CVSS 10.0 CRITICAL

Description

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.

Metadata

CVE ID: CVE-2025-20282
State: PUBLISHED
Assigner: cisco
Reserved: 2024-10-10 19:15 UTC
Published: 2025-06-25 16:29 UTC
Last updated: 2026-02-26 17:50 UTC
Primary CWE: CWE-269
Improper Privilege Management
Vendor / Product: Cisco / Cisco Identity Services Engine Software
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Cisco	Cisco Identity Services Engine Software	—	3.4.0, 3.4 Patch 1

Weakness (CWE)

CWE	Source	Description
CWE-269	cna	Improper Privilege Management

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References (1)

cisco-sa-ise-unauth-rce-ZAd2GnJ6 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6