Analysis Summary

CVE-2025-20337 CVSS:10

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

CVE-2025-20285 CVSS:4.1

Cisco Identity Services Engine could allow a remote authenticated attacker to bypass security restrictions, caused by improper enforcement of access controls that are configured using the IP Access Restriction feature. By logging in to the API from an unauthorized source IP address, an attacker could exploit this vulnerability to bypass configured IP access restrictions and log in to the device from a disallowed IP address.

CVE-2025-20288 CVSS:5.8

Cisco Unified Intelligence Center is vulnerable to server-side request forgery, caused by improper input validation for specific HTTP requests. By using a specially crafted HTTP request, an attacker could exploit this vulnerability to send arbitrary network requests that are sourced from the affected device and conduct SSRF attack.

CVE-2025-20284 CVSS:6.5

Cisco Identity Services Engine could allow a remote attacker to execute arbitrary code on the system, caused by insufficient validation of user-supplied input. By sending a specially crafted API request, an attacker could execute arbitrary code on the underlying operating system as root.

CVE-2025-20283 CVSS:6.5

Cisco Identity Services Engine could allow a remote attacker to execute arbitrary code on the system, caused by insufficient validation of user-supplied input. By sending a specially crafted API request, an attacker could execute arbitrary code on the underlying operating system as root.

CVE-2025-20274 CVSS:6.3

Cisco Unified Intelligence Center file could allow a remote attacker to upload arbitrary files on the system, caused by improper validation of files that are uploaded to the web-based management interface. By uploading arbitrary files to an affected device, an attacker could exploit this vulnerability to store malicious files on the system and execute arbitrary commands on the operating system.

CVE-2025-20272 CVSS:4.3

Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) is vulnerable to SQL injection, caused by a vulnerability in a subset of REST APIs. A remote authenticated attacker could send specially crafted SQL statements to view data in some database tables on an affected device.

Impact

• Code Execution
• Security Bypass
• Gain Access

Indicators of Compromise

CVE

• CVE-2025-20337

• CVE-2025-20285

• CVE-2025-20288

• CVE-2025-20284

• CVE-2025-20283

• CVE-2025-20274

• CVE-2025-20272

Affected Vendors

Remediation

Refer to Cisco Website for patch, upgrade, or suggested workaround information.

CVE-2025-20337

CVE-2025-20285

CVE-2025-20288

CVE-2025-20284

CVE-2025-20283

CVE-2025-20274

CVE-2025-20272