CVE-2025-20282

CVE-2025-20282 is a critical-severity vulnerability in Cisco Identity Services Engine with a CVSS 3.x base score of 10.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-269.

Key facts

Description

A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.

Frequently asked questions

What is CVE-2025-20282?
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.
How severe is CVE-2025-20282?
CVE-2025-20282 has a CVSS 3.x base score of 10.0, rated critical severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity high, and availability high.
Is CVE-2025-20282 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 10% (95th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2025-20282?
CVE-2025-20282 primarily affects Cisco Identity Services Engine. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2025-20282?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
Does CVE-2025-20282 have an EU (EUVD) identifier?
Yes. CVE-2025-20282 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-19166.
When was CVE-2025-20282 published?
CVE-2025-20282 was published on 2025-06-25 and last updated on 2026-06-17.

References

Affected products (4)

More vulnerabilities in Cisco Identity Services Engine

All CVEs affecting Cisco Identity Services Engine →

Other CWE-269 (Improper Privilege Management) vulnerabilities

Browse all CWE-269 (Improper Privilege Management) vulnerabilities →