Loading
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, the attacker must have valid high-privileged credentials.
Use CWE-74, Cisco vendor hub and Identity Services Engine product page to widen CVE-2025-20284 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-20337, CVE-2025-20282 and CVE-2025-20343 for nearby disclosures in the same product family. Additional editorial context is available in The Weekly Cybersecurity Brief: January 30th, 2026.