What is the severity of CVE-2025-20125?

CVE-2025-20125 has been assessed as a high severity vulnerability due to its potential impact on sensitive information and node configurations.

How do I fix CVE-2025-20125?

To remediate CVE-2025-20125, ensure that all sensitive APIs are properly secured with adequate authorization measures.

Who is affected by CVE-2025-20125?

CVE-2025-20125 affects users of Cisco Identity Services Engine with valid read-only credentials.

What can an attacker do with CVE-2025-20125?

An attacker exploiting CVE-2025-20125 can obtain sensitive information, modify node configurations, and restart the affected node.

Is there a patch available for CVE-2025-20125?

Yes, Cisco has provided updates to address the vulnerabilities associated with CVE-2025-20125.

Vulnerability/
CVE-2025-20125

critical

9.1

CWE

285

5/2/2025

CVE-2025-20125: Cisco Identity Services Engine Insufficient Authorization Bypass Vulnerability

First published: Wed Feb 05 2025(Updated: )

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.

Credit: psirt@cisco.com

Affected Software	Affected Version	How to fix
Cisco Identity Services Engine

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2025-20125?
CVE-2025-20125 has been assessed as a high severity vulnerability due to its potential impact on sensitive information and node configurations.
How do I fix CVE-2025-20125?
To remediate CVE-2025-20125, ensure that all sensitive APIs are properly secured with adequate authorization measures.
Who is affected by CVE-2025-20125?
CVE-2025-20125 affects users of Cisco Identity Services Engine with valid read-only credentials.
What can an attacker do with CVE-2025-20125?
An attacker exploiting CVE-2025-20125 can obtain sensitive information, modify node configurations, and restart the affected node.
Is there a patch available for CVE-2025-20125?
Yes, Cisco has provided updates to address the vulnerabilities associated with CVE-2025-20125.

collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/first-publish-date
agent/description
agent/type
agent/guess-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
agent/last-modified-date
agent/author
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2025-20124
alias/CVE-2025-20125
alias/CVE-2025-20169
alias/CVE-2025-20170
alias/CVE-2025-20171
alias/CVE-2024-20397
agent/news-ai
agent/source
agent/severity
agent/tags
agent/references
agent/event
agent/trending
vendor/cisco
canonical/cisco identity services engine

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.