CVE-2025-20152

A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by sending a specific authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). A successful exploit could allow the attacker to cause Cisco ISE to reload.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-restart-ss-uf986G2Q

Configurations

No configuration.

History

21 May 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-21 17:15

Updated : 2025-05-21 20:24

NVD link : CVE-2025-20152

Mitre link : CVE-2025-20152

CVE.ORG link : CVE-2025-20152

JSON object : View

Products Affected

No product.

CWE

CWE-125

Out-of-bounds Read

8.6 /10