- Description
- A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to obtain information, modify system configuration, and reload the device. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.
- Source
- psirt@cisco.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 9.1
- Impact score
- 5.3
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
- Severity
- CRITICAL
- psirt@cisco.com
- CWE-285
- Hype score
- Not currently trending
CVE-2025-20125 (CVSS:9.1, CRITICAL) is Received. A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to..https://t.co/FPtD2rcQSr #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
10 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Cisco just patched two critical vulnerabilities in Identity Services Engine (ISE) that could allow attackers to execute arbitrary commands and escalate privileges remotely. ⚠️ CVE-2025-20124 & CVE-2025-20125 carry CVSS scores of 9.9 and 9.1. https://t.co/w6Ig7cL792
@achi_tech
9 Feb 2025
29 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
New vulnerabilities with the identifiers CVE-2025-20124 and CVE-2025-20125 have been published for Cisco's Identity Services Engine (ISE) product, which allow hackers to remotely execute commands with root access and to bypass authorization.
@cybernetic_cy
9 Feb 2025
113 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
New vulnerabilities with the identifiers CVE-2025-20124 and CVE-2025-20125 have been published for Cisco's Identity Services Engine (ISE) product, which allow hackers to remotely execute commands with root access and to bypass authorization. https://t.co/Poz3aKY03t https://t.co/YBHZ
@AmirHossein_sec
8 Feb 2025
23 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISCO ALERT: Critical Flaws Patched! Two critical ISE vulnerabilities (CVE-2025-20124 & CVE-2025-20125) could let attackers execute commands or change configs! Medium-severity bugs also fixed. No exploits yet—Update NOW! 🔥 https://t.co/Cosv7bANfe #CyberSecurity #InfoSec…
@dCypherIO
7 Feb 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cisco has just released new patches for two security flaws (CVE-2025-20124 and CVE-2025-20125) that can be exploited by remote attackers with read-only administrator privileges to execute arbitrary commands as root and bypass authorization. 🧉 https://
@MarquisioX
7 Feb 2025
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-20124 (CVSS 9.9) & CVE-2025-20125 (CVSS 9.1): Cisco Patches Critical Flaws in Identity Services Engine 📊 1.1K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/dGTzo2sIKR 👇Query HUNTER :https://t.co/q9rtuGfZuz="Cisco IS
@HunterMapping
7 Feb 2025
814 Impressions
0 Retweets
4 Likes
2 Bookmarks
0 Replies
0 Quotes
Security Bulletin: Cisco Identity Services Engine (ISE) - CVE-2025-20124, CVE-2025-20125 Cisco has released software updates to address these vulnerabilities. Immediate patching is recommended to prevent potential exploitation. #RedLeg... https://t.co/OSwIGuqbLA
@RedLegg
6 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerabilities in Cisco ISE (CVE-2025-20124, CVE-2025-20125) allow remote command execution by attackers. Patches are available—upgrade now to protect systems! 🔒 #Cisco #ISE #USA link: https://t.co/Dsf31Kblmp https://t.co/680PbuMQu0
@TweetThreatNews
6 Feb 2025
72 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Warning: Two critical vulnerabilities (CVE-2025-20124, CVSS:9.9; CVE-2025-20125, CVSS 9.1) have been patched in #Cisco Identity Services Engine (ISE). Our advisory is here: https://t.co/YozOrg89z9. Time to #Patch #Patch #Patch
@CCBalert
6 Feb 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cisco has patched critical vulnerabilities (CVE-2025-20124 & CVE-2025-20125) in Identity Services Engine (ISE) enabling remote command execution and privilege escalation. Users should upgrade immediately! ⚠️ #CiscoISE #VulnerabilityAlert link: https://t.co/DTNSQISVOS http
@TweetThreatNews
6 Feb 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Cisco Patches Critical Identity Services Engine (ISE) #Vulnerabilities with CVSS 9.1 & 9.1 Enabling Root Remote Code Execution (#RCE) and Privilege Escalation (CVE-2025-20124,CVE-2025-20125). Both CVEs are API flaws (Deserialization & Auth bypass): https://t.co/jwFUdPj8
@securestep9
6 Feb 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 Cisco just patched two critical vulnerabilities in Identity Services Engine (ISE) that could allow attackers to execute arbitrary commands and escalate privileges remotely. ⚠️ CVE-2025-20124 & CVE-2025-20125 carry CVSS scores of 9.9 and 9.1. Read — https://t.co/V6N0sGy0
@TheHackersNews
6 Feb 2025
18029 Impressions
91 Retweets
176 Likes
28 Bookmarks
3 Replies
3 Quotes
⚠️⚠️ CVE-2025-20124 (CVSS 9.9) & CVE-2025-20125 (CVSS 9.1): Cisco Patches Critical Flaws in Identity Services Engine 🎯484+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/sepwYVyBPu FOFA Query:app="CISCO-ISE"… https://t.co/VZm6ArzOUl
@fofabot
6 Feb 2025
1751 Impressions
3 Retweets
23 Likes
4 Bookmarks
1 Reply
0 Quotes
About two vulnerabilities (CVSS 9.9 Critical) in Cisco Identity Services Engine. Affected products: Cisco ISE and Cisco ISE Passive Identity Connector ・Improper Java deserialization (CVE-2025-20124) ・Authorization bypass (CVE-2025-20125) Updating promptly to a fixed version is recommended https://t.co/zjUG0FJcBM
@t_nihonmatsu
6 Feb 2025
521 Impressions
3 Retweets
6 Likes
0 Bookmarks
1 Reply
0 Quotes
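Cisco has fixed critical vulnerabilities in Identity Services Engine (ISE). CVE-2025-20124 has a CVSS score of 9.9 and is an insecure Java deserialization. CVE-2025-20125 is an authentication bypass with a CVSS score of 9.1. At this time, no actual exploitation has been confirmed. https://t.co/cSr1WGEX58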
@__kokumoto
6 Feb 2025
1845 Impressions
8 Retweets
28 Likes
8 Bookmarks
0 Replies
0 Quotes
CVE-2025-20124 (CVSS 9.9) & CVE-2025-20125 (CVSS 9.1): Cisco Patches Critical Flaws in Identity Services Engine https://t.co/DTDY00lU3X
@Dinosn
6 Feb 2025
6595 Impressions
41 Retweets
128 Likes
17 Bookmarks
0 Replies
0 Quotes
CVE-2025-20125 A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node con… https://t.co/KMfpxYmarm
@CVEnew
5 Feb 2025
249 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes