Description

A vulnerability in the IP Access Restriction feature of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to bypass configured IP access restrictions and log in to the device from a disallowed IP address. This vulnerability is due to improper enforcement of access controls that are configured using the IP Access Restriction feature. An attacker could exploit this vulnerability by logging in to the API from an unauthorized source IP address. A successful exploit could allow the attacker to gain access to the targeted device from an IP address that should have been restricted. To exploit this vulnerability, the attacker must have valid administrative credentials.

INFO

Published Date :

2025-07-16T16:16:56.155Z

Last Modified :

2026-02-26T17:50:30.825Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2025-20285 vulnerability.

Vendors Products
Cisco
  • Identity Services Engine
  • Identity Services Engine Passive Identity Connector
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-20285.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-3VpsXOxO cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact