According to its self-reported version, Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities is affected by multiple vulnerabilities.

  - A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary     commands as the root user on an affected device. This vulnerability is due to insecure deserialization of     user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by     sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker     to execute arbitrary commands on the device and elevate privileges. Note:To successfully exploit     this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node     deployment, new devices will not be able to authenticate during the reload time. (CVE-2025-20124)

  - A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only     credentials to obtain sensitive information, change node configurations, and restart the node. This     vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied     data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on     the device. A successful exploit could allow the attacker to attacker to obtain information, modify system     configuration, and reload the device. Note:To successfully exploit this vulnerability, the attacker     must have valid read-only administrative credentials. In a single-node deployment, new devices will not be     able to authenticate during the reload time. (CVE-2025-20125)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Detections

Analytics

Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities (cisco-sa-ise-multivuls-FTW9AOXF)

high Nessus Plugin ID 216074

Version 1.4

Version 1.3

Version 1.1

Version 1.4 Aug 13, 2025, 7:42 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202508131942
Version 1.3 May 23, 2025, 2:01 AM IAVM reference Plugin Feed: 202505230201
Version 1.1 Feb 12, 2025, 1:58 AM New Plugin Feed: 202502120158