
Cisco has published a security advisory for a high-severity vulnerability impacting its Identity Services Engine (ISE) product. Tracked as CVE-2025-20152, the flaw carries a CVSS score of 8.6 and could allow unauthenticated remote attackers to trigger a denial of service (DoS) on affected devices.
The vulnerability stems from improper handling of certain RADIUS requests. Attackers can exploit it by sending specially crafted authentication requests to network access devices (NADs) that rely on Cisco ISE for AAA (authentication, authorization, and accounting).
“An attacker could exploit this vulnerability by sending a specific authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). A successful exploit could allow the attacker to cause Cisco ISE to reload,” the advisory explains.
Because each successful exploit forces the ISE node to reload, repeated exploitation could cause recurring service interruptions, disrupting network authentication and the security operations that depend on it.
Only Cisco ISE instances with RADIUS authentication services enabled are vulnerable. Because RADIUS is enabled by default, many deployments are exposed unless it has been explicitly disabled; systems that use only TACACS+ are not affected.
Cisco has confirmed that, as of the time of publication, there have been no reports of public exploitation or malicious use of this vulnerability.
Cisco has addressed the issue in Cisco ISE 3.4 Patch 1 (3.4P1). Earlier versions such as 3.3 and below are not affected. Administrators should prioritize updating to the fixed release to avoid potential service disruptions from malicious RADIUS packets.