CVE Details
Basic Information
| Title |
CVE-2025-20152 |
| Type |
cve |
| Published |
2025-05-21T17:15:56 |
| Last Seen |
2025-05-21T17:24:50 |
CVSS Information
| Base Score |
8.6 (HIGH) |
| Attack Vector |
NETWORK |
| Attack Complexity |
LOW |
| Privileges Required |
NONE |
| User Interaction |
NONE |
| Scope |
CHANGED |
| Confidentiality Impact |
NONE |
| Integrity Impact |
NONE |
| Availability Impact |
HIGH |
AI Analysis
| AI Description |
A vulnerability in Cisco Identity Services Engine (ISE) allows remote attackers to cause a denial of service by sending specific RADIUS requests, leading to device reloads. |
| AI Severity |
Critical |
| Vendor |
Cisco Systems |
| Product |
Cisco Identity Services Engine (ISE) |
| Affected Version |
Not specified |
Additional Information
| CVE List |
CVE-2025-20152 |
| CWE List |
CWE-125 |
| Bulletin Family |
cve |
Description
A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper handling of certain RADIUS requests. An attacker could exploit this vulnerability by sending a specific authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). A successful exploit could allow the attacker to cause Cisco ISE to reload.
CVSS Score Summary
Base Score: %!f(string=#) (HIGH)
View Full CVE Details
