How severe is CVE-2025-20125?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2025-20125?

This is classified as CWE-285, which is a common weakness in software security.

CVE-2025-20125 - HIGH Severity | CVSS 7.2

Vulnerability Description

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.

Related Vulnerabilities

CVE-2015-3656

HIGH

CVSS:7.2(High)

Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authoriz...

CWE-2852015

CVE-2016-10848

HIGH

CVSS:7.2(High)

cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81).

CWE-2852016

CVE-2017-12160

HIGH

CVSS:7.2(High)

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission rev...

CWE-2852017

CVE-2017-8777

HIGH

CVSS:7.2(High)

Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization.

CWE-2852017

CVE-2018-14666

HIGH

CVSS:7.2(High)

An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organizat...

CWE-2852018

CVE-2019-1859

HIGH

CVSS:7.2(High)

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to passwo...

CWE-2852019