CVE-2025-20124: Cisco Identity Services Engine Java Deserialization Vulnerability

9.9 CVSS

Description

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device.

This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker to execute arbitrary commands on the device and elevate privileges.
Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.

Classification

CVE ID: CVE-2025-20124

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.9

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

Affected Products

Vendor: Cisco

Product: Cisco Identity Services Engine Software

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.96% (scored less or equal to compared to others)

EPSS Date: 2025-03-06 (when was this score calculated)

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF

Timeline

2025-02-05 16:17:29 UTC
Cisco Security Advisory

Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities
2025-02-06 00:30:15 UTC
CVE

Cisco Identity Services Engine Java Deserialization Vulnerability
2025-02-06 09:15:14 UTC
TheHackerNews

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc