What is the CVSS score of CVE-2025-20124?

CVE-2025-20124 has a CVSS 3.1 base score of 9.9 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H. EPSS exploitation probability: 8.3%.

Which versions of Java are affected by CVE-2025-20124?

Organizations using A vulnerability in an API of Cisco face critical risk from CVE-2025-20124, a insecure deserialization vulnerability rated CVSS 9.9.

Is there a public PoC exploit available for CVE-2025-20124?

Yes, a public proof-of-concept exploit is available for CVE-2025-20124. Prioritise patching immediately. EPSS: 8.3%.

How to fix or mitigate CVE-2025-20124?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Restrict deserialization to trusted data sources and implement integrity checks.

Java CVE-2025-20124

CRITICAL

Deserialization of Untrusted Data (CWE-502)

2025-02-05 psirt@cisco.com

Java Deserialization Cisco Identity Services Engine

9.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:25 vuln.today

PoC Detected

Mar 28, 2025 - 13:22 vuln.today

Public exploit code

CVE Published

Feb 05, 2025 - 17:15 nvd

CRITICAL 9.9

DescriptionNVD

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device.

This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker to execute arbitrary commands on the device and elevate privileges. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.

AnalysisAI

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Deserialization of Untrusted Data (CWE-502), which allows attackers to execute arbitrary code through malicious serialized objects. A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker to execute arbitrary commands on the device and elevate privileges. Note: To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time. Affected products include: Cisco Identity Services Engine.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid deserializing untrusted data. Use safe serialization formats (JSON). Implement integrity checks and type allowlists.

CVE-2025-20124 vulnerability details – vuln.today

Back