Severity
High
Analysis Summary
CVE-2025-20124 CVSS:9.9
Cisco Identity Services Engine (ISE) could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by the insecure deserialization of user-supplied Java byte streams.
CVE-2025-20125 CVSS:9.1
Cisco Identity Services Engine (ISE) could allow a remote authenticated attacker to bypass security restrictions, caused by a lack of authorization in a specific API and improper validation of user-supplied data.
Impact
- Security Bypass
- Gain Access
Indicators of Compromise
CVE
CVE-2025-20124
CVE-2025-20125
Affected Vendors
- Cisco
Affected Products
- Cisco Identity Services Engine Software - 3.0.0 - 3.0.0 p1 - 3.0.0 p2 - 3.0.0 p3 - 3.1.0 - 3.0.0 p4
- Cisco Identity Services Engine Software - 3.1.0 p1 - 3.0.0 p5 - 3.1.0 p3 - 3.1.0 p2 - 3.0.0 p6 - 3.2.0
- Cisco ISE Passive Identity Connector - 3.0.0 - 3.2.0 - 3.1.0 - 3.3.0
- Cisco Identity Services Engine Software - 3.1.0 p8 - 3.2.0 p5 - 3.2.0 p6 - 3.1.0 p9 - 3.3 Patch 2 - 3.3 Patch 1 - 3.3 Patch 3
Remediation
Upgrade to the latest version of Identity Services Engine, available from the Cisco Website.