Vulnerability Details CVE-2025-20125
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node.
This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device.
Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.4%
CVSS Severity
CVSS v3 Score 9.1
Products affected by CVE-2025-20125
-
cpe:2.3:a:cisco:identity_services_engine:-
-
cpe:2.3:a:cisco:identity_services_engine:002.002(000.916)
-
cpe:2.3:a:cisco:identity_services_engine:002.003(000.906)
-
cpe:2.3:a:cisco:identity_services_engine:002.004(000.911)
-
cpe:2.3:a:cisco:identity_services_engine:002.004(000.914)
-
cpe:2.3:a:cisco:identity_services_engine:002.006(000.156)
-
cpe:2.3:a:cisco:identity_services_engine:002.006(000.902)
-
cpe:2.3:a:cisco:identity_services_engine:002.007(000.356)
-
cpe:2.3:a:cisco:identity_services_engine:003.000(000.458)
-
cpe:2.3:a:cisco:identity_services_engine:1.0
-
cpe:2.3:a:cisco:identity_services_engine:1.0.4
-
cpe:2.3:a:cisco:identity_services_engine:1.1
-
cpe:2.3:a:cisco:identity_services_engine:1.1.1
-
cpe:2.3:a:cisco:identity_services_engine:1.1.2
-
cpe:2.3:a:cisco:identity_services_engine:1.1.3
-
cpe:2.3:a:cisco:identity_services_engine:1.1.4
-
cpe:2.3:a:cisco:identity_services_engine:1.2
-
cpe:2.3:a:cisco:identity_services_engine:1.2(1.199)
-
cpe:2.3:a:cisco:identity_services_engine:1.2.1
-
cpe:2.3:a:cisco:identity_services_engine:1.3
-
cpe:2.3:a:cisco:identity_services_engine:1.3(0.722)
-
cpe:2.3:a:cisco:identity_services_engine:1.3(0.876)
-
cpe:2.3:a:cisco:identity_services_engine:1.3(0.909)
-
cpe:2.3:a:cisco:identity_services_engine:1.3(106.146)
-
cpe:2.3:a:cisco:identity_services_engine:1.3(120.135)
-
cpe:2.3:a:cisco:identity_services_engine:1.4
-
cpe:2.3:a:cisco:identity_services_engine:1.4(0.109)
-
cpe:2.3:a:cisco:identity_services_engine:1.4(0.181)
-
cpe:2.3:a:cisco:identity_services_engine:1.4(0.253)
-
cpe:2.3:a:cisco:identity_services_engine:1.4(0.908)
-
cpe:2.3:a:cisco:identity_services_engine:2.0
-
cpe:2.3:a:cisco:identity_services_engine:2.0(0.147)
-
cpe:2.3:a:cisco:identity_services_engine:2.0(0.169)
-
cpe:2.3:a:cisco:identity_services_engine:2.0(0.222)
-
cpe:2.3:a:cisco:identity_services_engine:2.0(0.234)
-
cpe:2.3:a:cisco:identity_services_engine:2.0(0.249)
-
cpe:2.3:a:cisco:identity_services_engine:2.0(0.306)
-
cpe:2.3:a:cisco:identity_services_engine:2.0(1.130)
-
cpe:2.3:a:cisco:identity_services_engine:2.0.1
-
cpe:2.3:a:cisco:identity_services_engine:2.1
-
cpe:2.3:a:cisco:identity_services_engine:2.1(0.474)
-
cpe:2.3:a:cisco:identity_services_engine:2.1(0.476)
-
cpe:2.3:a:cisco:identity_services_engine:2.1(0.800)
-
cpe:2.3:a:cisco:identity_services_engine:2.1(0.904)
-
cpe:2.3:a:cisco:identity_services_engine:2.1(0.907)
-
cpe:2.3:a:cisco:identity_services_engine:2.1(102.101)
-
cpe:2.3:a:cisco:identity_services_engine:2.1(102.103)
-
cpe:2.3:a:cisco:identity_services_engine:2.1.0
-
cpe:2.3:a:cisco:identity_services_engine:2.1_base
-
cpe:2.3:a:cisco:identity_services_engine:2.2
-
cpe:2.3:a:cisco:identity_services_engine:2.2(0.283)
-
cpe:2.3:a:cisco:identity_services_engine:2.2(0.470)
-
cpe:2.3:a:cisco:identity_services_engine:2.2(0.471)
-
cpe:2.3:a:cisco:identity_services_engine:2.2(0.903)
-
cpe:2.3:a:cisco:identity_services_engine:2.2(0.909)
-
cpe:2.3:a:cisco:identity_services_engine:2.2(0.910)
-
cpe:2.3:a:cisco:identity_services_engine:2.2(1.145)
-
cpe:2.3:a:cisco:identity_services_engine:2.2.0
-
cpe:2.3:a:cisco:identity_services_engine:2.2.0.470
-
cpe:2.3:a:cisco:identity_services_engine:2.3
-
cpe:2.3:a:cisco:identity_services_engine:2.3(0.151)
-
cpe:2.3:a:cisco:identity_services_engine:2.3(0.298)
-
cpe:2.3:a:cisco:identity_services_engine:2.3(0.904)
-
cpe:2.3:a:cisco:identity_services_engine:2.3(0.905)
-
cpe:2.3:a:cisco:identity_services_engine:2.3.0
-
cpe:2.3:a:cisco:identity_services_engine:2.3.0.298
-
cpe:2.3:a:cisco:identity_services_engine:2.4
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.192)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.247)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.357)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.901)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.901.1)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.902)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.903)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(0.904)
-
cpe:2.3:a:cisco:identity_services_engine:2.4(100.159)
-
cpe:2.3:a:cisco:identity_services_engine:2.4.0
-
cpe:2.3:a:cisco:identity_services_engine:2.4.0.357
-
cpe:2.3:a:cisco:identity_services_engine:2.5
-
cpe:2.3:a:cisco:identity_services_engine:2.5(0.1)
-
cpe:2.3:a:cisco:identity_services_engine:2.5(0.225)
-
cpe:2.3:a:cisco:identity_services_engine:2.5(0.353)
-
cpe:2.3:a:cisco:identity_services_engine:2.6
-
cpe:2.3:a:cisco:identity_services_engine:2.6(0.156)
-
cpe:2.3:a:cisco:identity_services_engine:2.6(0.999)
-
cpe:2.3:a:cisco:identity_services_engine:2.6.0
-
cpe:2.3:a:cisco:identity_services_engine:2.6.0.156
-
cpe:2.3:a:cisco:identity_services_engine:2.7
-
cpe:2.3:a:cisco:identity_services_engine:2.7(0.207)
-
cpe:2.3:a:cisco:identity_services_engine:2.7(0.356)
-
cpe:2.3:a:cisco:identity_services_engine:2.7(0.903)
-
cpe:2.3:a:cisco:identity_services_engine:2.7.0
-
cpe:2.3:a:cisco:identity_services_engine:2.7.0.356
-
cpe:2.3:a:cisco:identity_services_engine:3.0(0.458)
-
cpe:2.3:a:cisco:identity_services_engine:3.0.0
-
cpe:2.3:a:cisco:identity_services_engine:3.1.0
-
cpe:2.3:a:cisco:identity_services_engine:3.2.0
-
cpe:2.3:a:cisco:identity_services_engine:3.3.0