6 min read
By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Insecure Java Deserialization in Cisco Identity Services Engine (ISE)
CVSS Score: 9.9 (Critical)
Identifier: CVE-2025-20124
Exploit or POC: No known public proof of concept has been reported.
Update: CVE-2025-20124 – Cisco Security Advisory
Description: CVE-2025-20124 is a critical vulnerability in the API of Cisco Identity Services Engine (ISE). This flaw arises from insecure deserialization of user-supplied Java byte streams. An authenticated, remote attacker with valid read-only administrative credentials could exploit this vulnerability by sending a crafted serialized Java object to the affected API. Successful exploitation allows the attacker to execute arbitrary commands as the root user on the affected device, leading to a complete system compromise.
Mitigation Recommendation: Patching is currently the only method of mitigation. Cisco has released software updates to address this vulnerability. Administrators are advised to update to the fixed releases as specified in the Cisco Security Advisory. Immediate patching is recommended to prevent potential exploitation.
Note: Given the critical nature of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.
Insecure Java Deserialization in Cisco Identity Services Engine (ISE)
CVSS Score: 9.1 (Critical)
Identifier: CVE-2025-20125
Exploit or POC: No known public proof of concept has been reported.
Update: CVE-2025-20125 – Cisco Security Advisory
Description: CVE-2025-20125 is a critical vulnerability in the API of Cisco Identity Services Engine (ISE). This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device.
Mitigation Recommendation: Patching is currently the only method of mitigation. Cisco has released software updates to address this vulnerability. Administrators are advised to update to the fixed releases as specified in the Cisco Security Advisory. Immediate patching is recommended to prevent potential exploitation.
Note: Given the critical nature of this vulnerability, it is imperative to apply the recommended patches promptly to secure your systems.
