CVE-2025-20343
Published: 05 November 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-20343 is a denial-of-service vulnerability in the RADIUS setting "Reject RADIUS requests from clients with repeated failures" within Cisco Identity Services Engine (ISE). The issue stems from a logic error during the processing of a RADIUS access request for a MAC address that is already classified as a rejected endpoint. This flaw, associated with CWE-697 and scored 8.6 on the CVSS v3.1 scale (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), can cause Cisco ISE to restart unexpectedly when exploited.
An unauthenticated, remote attacker can exploit this vulnerability by sending a specific sequence of multiple crafted RADIUS access request messages to the targeted Cisco ISE instance. Successful exploitation results in a denial-of-service (DoS) condition, as the repeated triggering of the logic error forces an unexpected restart of the ISE service, potentially disrupting network authentication and authorization functions.
For mitigation details, refer to the Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radsupress-dos-8YF3JThh.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows unauthenticated remote attackers to exploit a logic error in Cisco ISE's RADIUS processing, causing a service restart and DoS condition, directly mapping to application exploitation for endpoint DoS.