Cisco Identity Services Engine Vulnerability Enables Remote Attackers

Cisco has disclosed two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that enable unauthenticated remote code execution (RCE) with root privileges.

Both flaws carry maximum CVSS scores of 10.0, indicating severe risk to unpatched systems.

The vulnerabilities allow attackers to completely compromise affected devices without authentication.

Technical Analysis of Exploitation Vectors

CVE-2025-20281 stems from insufficient input validation in a specific API.

Attackers can exploit this by sending crafted API requests to execute arbitrary commands as the root user. This affects ISE and ISE-PIC releases 3.3 and later.

CVE-2025-20282 involves an internal API flaw allowing file uploads to privileged directories. Attackers can upload malicious files and execute them as root, affecting only version 3.4.

Both vulnerabilities are independently exploitable and require no user interaction.

Successful exploitation grants full system control, enabling lateral movement within networks.

The CVSS vectors reflect their critical nature:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products and Remediation

| Product Version | CVE-2025-20281 Impact | CVE-2025-20282 Impact | Fixed Release |
|---|---|---|---|
| 3.2 and earlier | Not vulnerable | Not vulnerable | N/A |
| 3.3 | Vulnerable | Not vulnerable | Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz) |
| 3.4 | Vulnerable | Vulnerable | Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz) |

No workarounds exist; patching is the only mitigation.

Organizations should immediately apply relevant patches through Cisco’s standard update channels.

Version 3.4 requires patching for both vulnerabilities, while 3.3 only needs resolution for CVE-2025-20281.

Global Security Response

Security agencies worldwide—including Singapore’s CSA, Canada’s Cyber Centre, and the MS-ISAC—have issued alerts urging immediate action.

Cisco confirmed no active exploits but emphasized the criticality of these flaws in security policy enforcement systems.

Researchers from Trend Micro Zero Day Initiative and GMO Cybersecurity discovered the vulnerabilities, highlighting ongoing scrutiny of network infrastructure security.

Administrators should prioritize updating ISE deployments, particularly those exposed to untrusted networks.

The absence of authentication requirements makes these flaws especially dangerous for perimeter security systems.

The post Cisco Identity Services Engine Vulnerability Enables Remote Attackers appeared first on Cyber Security News.
