CVE-2025-20125

Name of the Vulnerable Software and Affected Versions Cisco ISE versions (affected versions not specified)

Description A lack of authorization in a specific API and improper validation of user-supplied data could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. The attacker could exploit this issue by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to obtain information, modify system configuration, and reload the device. This issue could be exploited by an attacker with valid read-only administrative credentials. It is estimated that over 45,000 organizations worldwide could be affected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.