PT-2025-26847 · Cisco · Cisco ISE-PIC +1

Bobby Gould +1 · Published 2025-06-25 · Updated 2026-03-11 · CVE-2025-20281

CVSS v3.1: 10 (Critical) · AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Identity Services Engine and Cisco ISE-PIC versions 3.3 and later
Cisco ISE versions prior to 3.3 Patch 7
Cisco ISE versions prior to 3.4 Patch 2

Description

A vulnerability exists in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input. This allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The vulnerability is actively exploited and a complete exploit chain has been published. The API abuse of this vulnerability was observed in the CoinDCX breach. The vulnerability allows attackers to send crafted API requests to execute commands without requiring valid credentials.

Recommendations

Update Cisco ISE to version 3.3 Patch 7 or later.
Update Cisco ISE to version 3.4 Patch 2 or later.

Exploit · Fix · RCE · Special Elements Injection

Weakness Enumeration

Related Identifiers

BDU:2025-08248
CVE-2025-20281
ZDI-25-609

Affected Products

Cisco ISE
Cisco ISE-PIC