【Vulnerability Alert】Cisco ISE Security Vulnerability (CVE-2025-20124) – Immediate Mitigation Required

publish date : 2025-02-12 update date : 2025-02-12

Source: Ministry of education information & communication security contingency platform

Publication Number TACERT-ANA-2025021109024949 Publication Time 2025/02/11 09:57
Incident Type ANA-Vulnerability Alert Discovery Time 2025/02/11 09:57
Impact Level Medium  
[Subject]
【Vulnerability Alert】Cisco ISE Security Vulnerability (CVE-2025-20124) – Immediate Mitigation Required
[Content]
Forwarded from the National Institute of Cyber Security NISAC-200-202502-00000037

Security researchers have discovered a deserialization vulnerability (CVE-2025-20124) in Cisco ISE. A remote attacker with read-only administrative privileges can exploit this vulnerability to execute arbitrary commands. Immediate verification and patching are strongly recommended.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
Security researchers have discovered a deserialization vulnerability (CVE-2025-20124) in Cisco ISE. A remote attacker with read-only administrative privileges can exploit this vulnerability to execute arbitrary commands. Immediate verification and patching are strongly recommended.
[Recommended Actions]
Cisco has released security updates to address this vulnerability. Please refer to the official advisory at:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF#fs
[Reference]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-20124
2. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center