Hacked SonicWall VPN Tool Used to Steal Data – Active IOCs
June 25, 2025
Severity
High
Analysis Summary
CVE-2025-20282 CVSS:10
Cisco Identity Services Engine could allow a remote attacker to execute arbitrary code on the system, caused by a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. By uploading a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code or obtain root privileges on the system.
CVE-2025-20281 CVSS:10
Cisco Identity Services Engine could allow a remote attacker to execute arbitrary code on the system, caused by insufficient validation of user-supplied input. By sending a specially crafted API request, an attacker could exploit this vulnerability to obtain root privileges on an affected device.
CVE-2025-20264 CVSS:6.4
Cisco Identity Services Engine could allow a remote authenticated attacker to bypass security restrictions, caused by insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider in the web-based management interface. By sending a series of specific commands to an affected device, an attacker could exploit this vulnerability to modify a limited number of system settings, including some that would result in a system restart.
Impact
- Code Execution
- Security Bypass
Indicators of Compromise
CVE
- CVE-2025-20282
- CVE-2025-20281
- CVE-2025-20264
Affected Vendors
- Cisco
Affected Products
- Cisco Identity Services Engine Software 3.4.0
- Cisco Identity Services Engine Software 3.4 Patch 1
- Cisco Identity Services Engine Software 3.3.0
- Cisco Identity Services Engine Software 3.3 Patch 2
- Cisco Identity Services Engine Software 3.3 Patch 1
- Cisco Identity Services Engine Software 3.3 Patch 3
- Cisco Identity Services Engine Software 3.3 Patch 4
- Cisco Identity Services Engine Software 3.3 Patch 5
- Cisco Identity Services Engine Software 3.0.0
- Cisco Identity Services Engine Software 3.0.0 p1
- Cisco Identity Services Engine Software 3.0.0 p2
- Cisco Identity Services Engine Software 3.0.0 p3
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.