← volver
CVE-2025-20124

Cisco Identity Services Engine Java Deserialization Vulnerability

CVSS 9.9 CRITICALEPSS 16.3%CWE-502
Vexday Risk Score
53Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 9.9EPSS 16.3%KEV nãoPoC públicaNuclei Metasploit Patch
Ciclo de vida
05 feb 2025Publicada en NVD
11 ago 2025PoC pública
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker to execute arbitrary commands on the device and elevate privileges. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
Productos afectados
Cisco · Cisco Identity Services Engine SoftwareCisco · Cisco ISE Passive Identity Connector
PoCs públicas encontradas2
githubgithub.com/ftz7/Cisco-ISE-3.0---Remote-Code-Execution-RCE-1exploitdbwww.exploit-db.com/exploits/52396no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF