CVE-2025-20124

Cisco Identity Services Engine Java Deserialization Vulnerability

CVSS 9.9 CRITICALEPSS 16.3%CWE-502

Vexday Risk Score

53Atenção

Decisão SSVC (CISA)

Attend

PoC disponível → acompanhar de perto

CVSS 9.9EPSS 16.3%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Ciclo de vida

05 fev 2025Publicada no NVD

11 ago 2025PoC pública

Recomendação: Planejar correção próxima — já existe PoC pública.

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker to execute arbitrary commands on the device and elevate privileges. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

Produtos afetados

Cisco · Cisco Identity Services Engine Software Cisco · Cisco ISE Passive Identity Connector

PoCs públicas encontradas — 2

githubgithub.com/ftz7/Cisco-ISE-3.0---Remote-Code-Execution-RCE-★ 1 exploitdbwww.exploit-db.com/exploits/52396não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF