Threat Advisory

Cisco ISE Vulnerability Enables Unauthenticated Denial-of-Service Attacks

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

A high-severity denial-of-service (DoS) vulnerability has been discovered in Cisco Identity Services Engine (ISE), tracked as CVE-2025-20343. This flaw allows unauthenticated remote attackers to disrupt the availability of the affected system by sending specially crafted RADIUS authentication requests, potentially causing the ISE server to become unresponsive.

  • CVE-2025-20343: The vulnerability exists due to improper validation of specific RADIUS packets received by Cisco ISE. By exploiting this flaw, an attacker can send a sequence of maliciously crafted RADIUS requests to the targeted device without authentication, leading to a service crash or denial of RADIUS-based authentication for legitimate users. Cisco has assigned a CVSS v3.1 score of 8.6 (High) to this issue, emphasizing its potential to cause authentication outages and network access disruption across enterprise environments.

This vulnerability poses a significant risk to organizations relying on Cisco ISE for centralized identity and access management, as successful exploitation can interrupt network authentication and access control operations.

RECOMMENDATION:

We recommend you refer below mentioned link to apply patches for CVE-2025-20343: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radsupress-dos-8YF3JThh

REFERENCES:

The following reports contain further technical details:

https://securityonline.info/high-severity-cisco-ise-flaw-cve-2025-20343-allows-unauthenticated-dos-via-crafted-radius-requests/

crossmenu