Action required – Critical bug reported in Cisco ISE API
Two critical security vulnerabilities, CVE-2025-20124 and CVE-2025-20125, have been identified in the API of Cisco Identity Services Engine (ISE), a platform widely used for network access control and security policy management. These vulnerabilities pose significant risks, potentially allowing attackers to execute arbitrary commands and gain unauthorized access to sensitive information.
CVE-2025-20124: Insecure Deserialization Leading to Command Execution
Dan Marin and Sebastian Radulea discovered CVE-2025-20124, a critical vulnerability caused by insecure deserialization of user-supplied Java byte streams. An authenticated, remote attacker with valid read-only administrative credentials can exploit this flaw by sending a crafted serialized Java object to a specific API. Successful exploitation allows the attacker to execute arbitrary commands as the root user, leading to potential full system compromise. Researchers assigned a CVSS score of 9.9 to this vulnerability, indicating its critical severity.
CVE-2025-20125: Authorization Bypass via API
CVE-2025-20125 reported by Sebastian Radulea, arises from improper authorization checks and insufficient validation of user-supplied data in a specific API of Cisco ISE. An authenticated, remote attacker with valid read-only credentials can exploit this vulnerability by sending crafted HTTP requests to the affected API. This can lead to unauthorized information disclosure, modification of system configurations, and the ability to reload the device, potentially disrupting network operations. The CVSS score for this vulnerability is 9.1, reflecting its critical impact.
Cisco has acknowledged these vulnerabilities and released software updates to address them. The company has issued a security advisory detailing the vulnerabilities and providing guidance on updating affected systems. Cisco strongly recommends that users upgrade their ISE deployments to the latest patched versions promptly. Organizations should also review their ISE configurations and access control policies to ensure adherence to security best practices. Regular security audits and vulnerability scanning are advised to identify and mitigate potential weaknesses in network infrastructure.
See more: Update MobSF Now: Fixes for Two Major Vulnerabilities
See more: Critical Vulnerability Discovered in SonicWall SSLVPN
We hope you found article interesting. For more exclusive content follow us on Facebook, Twitter and LinkedIn
