CISCO ISE & UIC Security Flaws Allow DoS, Privilege Escalation
Summary: Cisco has disclosed multiple vulnerabilities affecting its Identity Services Engine (ISE) and Unified Intelligence Center (UIC).
The ISE bug, tracked as CVE-2025-20152, impacts the RADIUS message processing feature and could be exploited remotely, without authentication, to cause ISE to reload, leading to a denial of service (DoS) condition.
| OEM | CISCO |
| Severity | HIGH |
| CVSS Score | 8.6 |
| CVEs | CVE-2025-20152, CVE-2025-20113, CVE-2025-20114 |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
This include a critical denial-of-service (DoS) vulnerability in the RADIUS protocol processing (CVE-2025-20152) and two privilege escalation flaws (CVE-2025-20113, CVE-2025-20114).
These unpatched issues, could result in network disruption and unauthorized access to sensitive data.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| RADIUS DoS Vulnerability | CVE-2025-20152 | Cisco Identity Services Engine | High | ISE 3.4 Patch 1 (3.4P1) |
| Privilege Escalation Vulnerability | CVE-2025-20113 | Unified Intelligence Center | High | UIC 12.5(1)SU ES04, 12.6(2)ES04 |
| Privilege Escalation Vulnerability | CVE-2025-20114 | Unified Intelligence Center | High | UIC 12.5(1)SU ES04, 12.6(2)ES04 |
Technical Summary
The vulnerabilities identified in ISE and UIC products are critical and the allow an authenticated attacker to elevate their privileges to those of an administrator, for a limited set of functions on a vulnerable system by potentially accessing or manipulating unauthorized data.
Medium-severity bugs were also resolved in Webex, Webex Meetings, Secure Network Analytics Manager, Secure Network Analytics Virtual Manager, ISE, Duo, Unified Communications and Contact Center Solutions, and Unified Contact Center Enterprise (CCE).
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-20152 | CISCO ISE 3.4 | Improper handling of malformed RADIUS authentication requests can cause a system reload. | Denial of Service (DoS), Network Disruption |
| CVE-2025-20113 | Unified Intelligence Center 12.5, 12.6 | Insufficient server-side validation in API/HTTP requests may allow an authenticated attacker to escalate privileges to Admin level for certain functions. | Privilege Escalation, Unauthorized Data Access |
| CVE-2025-20114 | Unified Intelligence Center 12.5, 12.6 | Insufficient input validation in API allows IDOR attacks, enabling attackers to access data of other users. | Horizontal Privilege Escalation, Data Exposure |
Remediation:
Cisco has released security updates to address these vulnerabilities:
- For CVE-2025-20152 (Cisco ISE):
Upgrade to ISE 3.4P1 or later. No workarounds exist; RADIUS services are enabled by default, making immediate patching critical.
- For CVE-2025-20113 and CVE-2025-20114 (UIC):
Upgrade to:
- UIC 12.5(1)SU ES04 or later.
- UIC 12.6(2)ES04 or later.
- Unified CCX users should migrate to a fixed release if using affected versions.
Administrators are advised to verify product versions and apply patches through official Cisco channels.
Conclusion:
These vulnerabilities pose significant security risks especially CVE-2025-20152, which affects the core authentication protocol in many Cisco ISE deployments.
Organizations should prioritize updates to mitigate risks of denial-of-service attacks and unauthorized data access. No exploitation in the wild has been observed so far, but given the critical nature, immediate action is strongly recommended.
References: