Platform
cisco
Component
cisco-identity-services-engine-software
Fixed in
3.4.1
3.4.1
CVE-2025-20282 is a critical Remote Code Execution (RCE) vulnerability discovered in Cisco Identity Services Engine (ISE) software. This flaw allows an unauthenticated, remote attacker to upload arbitrary files to an affected device and subsequently execute them on the underlying operating system with root privileges. The vulnerability impacts Cisco ISE versions 3.4.0 and a patch is available from Cisco.
The impact of CVE-2025-20282 is severe. A successful exploit grants an attacker complete control over the affected Cisco ISE device. This includes the ability to install malware, steal sensitive data (authentication credentials, network configurations, user data), and pivot to other systems on the network. Given the central role ISE plays in network access control, a compromised ISE device could lead to widespread network breaches and data exfiltration. The ability to execute code as root significantly expands the attack surface and potential for lateral movement within the network. This vulnerability shares similarities with other file upload vulnerabilities where insufficient validation allows for arbitrary code execution, potentially leading to a complete system takeover.
CVE-2025-20282 was publicly disclosed on June 25, 2025. The vulnerability's critical severity and ease of exploitation (unauthenticated access) suggest a high probability of exploitation. While no public proof-of-concept (PoC) has been released as of this writing, the potential for rapid development and dissemination of exploits is high. Monitor security advisories and threat intelligence feeds for updates on exploitation activity. This vulnerability has not yet been added to the CISA KEV catalog.
Exploit Status
EPSS
0.29% (53% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-20282 is to upgrade to a patched version of Cisco ISE as soon as possible. Cisco has released a security advisory with details on the fixed versions. If immediate patching is not feasible, consider implementing temporary workarounds such as restricting network access to the ISE device, implementing strict firewall rules to limit external connections, and closely monitoring ISE logs for suspicious activity. While a WAF might offer some protection, it's unlikely to be sufficient against a targeted exploit. Verify the upgrade by attempting to upload a test file and confirming that the upload is rejected or handled securely, preventing code execution.
Update Cisco Identity Services Engine Software to a version that is not vulnerable. See the Cisco advisory for more details and specific instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-20282 is a critical Remote Code Execution vulnerability in Cisco ISE that allows unauthenticated attackers to upload and execute arbitrary files as root, potentially gaining full control of the device.
If you are running Cisco ISE version 3.4.0, you are affected by this vulnerability. Check Cisco's advisory for a complete list of affected versions.
The recommended fix is to upgrade to a patched version of Cisco ISE as soon as possible. Refer to the official Cisco security advisory for details on available patches.
While no public exploits are currently known, the vulnerability's critical severity and ease of exploitation suggest a high probability of exploitation. Continuous monitoring is crucial.
Refer to the official Cisco Security Advisory for CVE-2025-20282 on the Cisco website (search for 'CVE-2025-20282 Cisco' on Cisco.com).
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.