CVE-2025-20283 Information

Jul 17, 2025 cve

Description

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated remote attacker to execute arbitrary code on the underlying operating system as root.

This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability the attacker must have valid high-privileged credentials.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

NONE

Base Severity

6.5

CNNVD-202507-2259 (Published: 2025-07-16)

Share on:

CVE-2025-20283 Information

Description

CVSS Vector

Reference

Attack Complexity

Privileges Required

User Interaction Required

Scope

Confidentiality Impact

Integrity Impact

Availability Impact

Base Score

Base Severity

Related CNNVD