- Description
- A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker to execute arbitrary commands on the device and elevate privileges. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.
- Source
- psirt@cisco.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H
- Severity
- CRITICAL
- psirt@cisco.com
- CWE-502
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2025-20124
@transilienceai
19 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-20124 (CVSS:9.9, CRITICAL) is Received. A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as th..https://t.co/AGjw5MXORa #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
10 Feb 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-12754 2 - CVE-2025-23369 3 - CVE-2024-46982 4 - CVE-2025-23419 5 - CVE-2025-20124 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
10 Feb 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Cisco just patched two critical vulnerabilities in Identity Services Engine (ISE) that could allow attackers to execute arbitrary commands and escalate privileges remotely. ⚠️ CVE-2025-20124 & CVE-2025-20125 carry CVSS scores of 9.9 and 9.1. https://t.co/w6Ig7cL792
@achi_tech
9 Feb 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
آسیب پذیری های جدیدی با کدهای شناسایی CVE-2025-20124 و CVE-2025-20125 برای محصول Identity Services Engine (ISE) سیسکو منتشر شده است که به هکرها امکان اجرای کامند با دسترسی root به صورت ریموت و انجام فرایند bypass authorization را می دهد .
@cybernetic_cy
9 Feb 2025
113 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-20124
@transilienceai
9 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
آسیب پذیری های جدیدی با کدهای شناسایی CVE-2025-20124 و CVE-2025-20125 برای محصول Identity Services Engine (ISE) سیسکو منتشر شده است که به هکرها امکان اجرای کامند با دسترسی root به صورت ریموت و انجام فرایند bypass authorization را می دهد . https://t.co/Poz3aKY03t https://t.co/YBHZ
@AmirHossein_sec
8 Feb 2025
23 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISCO ALERT: Critical Flaws Patched! Two critical ISE vulnerabilities (CVE-2025-20124 & CVE-2025-20125) could let attackers execute commands or change configs! Medium-severity bugs also fixed. No exploits yet—Update NOW! 🔥 https://t.co/Cosv7bANfe #CyberSecurity #InfoSec…
@dCypherIO
7 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco acaba de lanzar nuevos parches para dos fallas de seguridad (CVE-2025-20124 y CVE-2025-20125) que pueden ser explotadas por atacantes remotos con privilegios de administrador de solo lectura para ejecutar comandos arbitrarios como root y eludir la autorización. 🧉 https://
@MarquisioX
7 Feb 2025
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-20124 (CVSS 9.9) & CVE-2025-20125 (CVSS 9.1): Cisco Patches Critical Flaws in Identity Services Engine 📊 1.1K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/dGTzo2sIKR 👇Query HUNTER :https://t.co/q9rtuGfZuz="Cisco IS
@HunterMapping
7 Feb 2025
814 Impressions
0 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
Security Bulletin: Cisco Identity Services Engine (ISE) - CVE-2025-20124, CVE-2025-20125 Cisco has released software updates to address these vulnerabilities. Immediate patching is recommended to prevent potential exploitation. #RedLeg... https://t.co/OSwIGuqbLA
@RedLegg
6 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerabilities in Cisco ISE (CVE-2025-20124, CVE-2025-20125) allow remote command execution by attackers. Patches are available—upgrade now to protect systems! 🔒 #Cisco #ISE #USA link: https://t.co/Dsf31Kblmp https://t.co/680PbuMQu0
@TweetThreatNews
6 Feb 2025
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Warning: Two critical vulnerabilities (CVE-2025-20124, CVSS:9.9; CVE-2025-20125, CVSS 9.1) have been patched in #Cisco Identity Services Engine (ISE). Our advisory is here: https://t.co/YozOrg89z9. Time to #Patch #Patch #Patch
@CCBalert
6 Feb 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities (CVE-2025-20124) #AuthenticationBypassVulnerability #Cisco #CiscoISE #CVE202520124 #CVE202520125 https://t.co/x2Nrf1eQYP https://t.co/WyoRyja2o9
@SystemTek_UK
6 Feb 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cisco has patched critical vulnerabilities (CVE-2025-20124 & CVE-2025-20125) in Identity Services Engine (ISE) enabling remote command execution and privilege escalation. Users should upgrade immediately! ⚠️ #CiscoISE #VulnerabilityAlert link: https://t.co/DTNSQISVOS http
@TweetThreatNews
6 Feb 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Cisco Patches Critical Identity Services Engine (ISE) #Vulnerabilities with CVSS 9.1 & 9.1 Enabling Root Remote Code Execution (#RCE) and Privilege Escalation (CVE-2025-20124,CVE-2025-20125). Both CVEs are API flaws (Deserialization & Auth bypass): https://t.co/jwFUdPj8
@securestep9
6 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Cisco just patched two critical vulnerabilities in Identity Services Engine (ISE) that could allow attackers to execute arbitrary commands and escalate privileges remotely. ⚠️ CVE-2025-20124 & CVE-2025-20125 carry CVSS scores of 9.9 and 9.1. Read — https://t.co/V6N0sGy0
@TheHackersNews
6 Feb 2025
18029 Impressions
91 Retweets
176 Likes
28 Bookmarks
3 Replies
3 Quotes
⚠️⚠️ CVE-2025-20124 (CVSS 9.9) & CVE-2025-20125 (CVSS 9.1): Cisco Patches Critical Flaws in Identity Services Engine 🎯484+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/sepwYVyBPu FOFA Query:app="CISCO-ISE"… https://t.co/VZm6ArzOUl
@fofabot
6 Feb 2025
1751 Impressions
3 Retweets
23 Likes
4 Bookmarks
1 Reply
0 Quotes
Cisco Identity Services Engineに存在する 2つの脆弱性 CVSS 9.9 Critical について 影響を受ける製品:Cisco ISE および Cisco ISE Passive Identity Connector ・不適切なJavaデシリアライズ (CVE-2025-20124) ・認可バイパス (CVE-2025-20125) 速やかに修正済みバージョンへアップデートを推奨 https://t.co/zjUG0FJcBM
@t_nihonmatsu
6 Feb 2025
521 Impressions
3 Retweets
6 Likes
0 Bookmarks
1 Reply
0 Quotes
シスコ社がIdentity Services Engine (ISE)の重大(Critical)な脆弱性を修正。CVE-2025-20124はCVSSスコア9.9で、Javaの安全ではないデシリアライゼーション。CVE-2025-20125はCVSSスコア9.1の認証回避。現時点では実際の悪用は確認されていない。 https://t.co/cSr1WGEX58
@__kokumoto
6 Feb 2025
1845 Impressions
8 Retweets
28 Likes
8 Bookmarks
0 Replies
0 Quotes
CVE-2025-20124 (CVSS 9.9) & CVE-2025-20125 (CVSS 9.1): Cisco Patches Critical Flaws in Identity Services Engine https://t.co/DTDY00lU3X
@Dinosn
6 Feb 2025
6595 Impressions
41 Retweets
128 Likes
17 Bookmarks
0 Replies
0 Quotes
CVE-2025-20124 Command Injection Vulnerability in Cisco ISE API Enables Root-Level Remote Code Execution https://t.co/jA3U0xFN5B
@VulmonFeeds
5 Feb 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20124 A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vul… https://t.co/rWhwZsCLCB
@CVEnew
5 Feb 2025
299 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes