A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root.
This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials.
                
            References
                    | Link | Resource | 
|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO | Vendor Advisory | 
Configurations
                    Configuration 1 (hide)
| 
 | 
Configuration 2 (hide)
| 
 | 
History
                    22 Jul 2025, 14:19
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO - Vendor Advisory | |
| First Time | Cisco identity Services Engine Passive Identity Connector Cisco Cisco identity Services Engine | |
| CPE | cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:* | 
17 Jul 2025, 21:15
| Type | Values Removed | Values Added | 
|---|---|---|
| Summary | 
 | 
16 Jul 2025, 17:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2025-07-16 17:15
Updated : 2025-07-22 14:19
NVD link : CVE-2025-20284
Mitre link : CVE-2025-20284
CVE.ORG link : CVE-2025-20284
JSON object : View
Products Affected
                cisco
- identity_services_engine_passive_identity_connector
- identity_services_engine
CWE
                
                    
                        
                        CWE-74
                        
            Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
