Cisco has disclosed two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that enable unauthenticated remote code execution (RCE) with root privileges.
Both flaws carry maximum CVSS scores of 10.0, indicating severe risk to unpatched systems.
The vulnerabilities allow attackers to completely compromise affected devices without authentication.
CVE-2025-20281 stems from insufficient input validation in a specific API.
Attackers can exploit this by sending crafted API requests to execute arbitrary commands as the root user. This affects ISE and ISE-PIC releases 3.3 and later.
CVE-2025-20282 involves an internal API flaw allowing file uploads to privileged directories. Attackers can upload malicious files and execute them as root, affecting only version 3.41.
Both vulnerabilities are independently exploitable and require no user interaction.
Successful exploitation grants full system control, enabling lateral movement within networks.
The CVSS vectors reflect their critical nature:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
| Product Version | CVE-2025-20281 Impact | CVE-2025-20282 Impact | Fixed Release |
|---|---|---|---|
| 3.2 and earlier | Not vulnerable | Not vulnerable | N/A |
| 3.3 | Vulnerable | Not vulnerable | Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz) |
| 3.4 | Vulnerable | Vulnerable | Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz) |
No workarounds exist; patching is the only mitigation.
Organizations should immediately apply relevant patches through Cisco’s standard update channels.
Version 3.4 requires patching for both vulnerabilities, while 3.3 only needs resolution for CVE-2025-202811.
Security agencies worldwide—including Singapore’s CSA, Canada’s Cyber Centre, and the MS-ISAC—have issued alerts urging immediate action.
Cisco confirmed no active exploits but emphasized the criticality of these flaws in security policy enforcement systems.
Researchers from Trend Micro Zero Day Initiative and GMO Cybersecurity discovered the vulnerabilities, highlighting ongoing scrutiny of network infrastructure security.
Administrators should prioritize updating ISE deployments, particularly those exposed to untrusted networks.
The absence of authentication requirements makes these flaws especially dangerous for perimeter security systems.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates
The post Cisco Identity Services Engine Vulnerability Enables Remote Attackers appeared first on Cyber Security News.
The Adecco Group. the global talent and technology services company has signed a new, multi-year…
Epic Games has released key artwork for the next season of Fortnite, confirming the return…
Bethesda has announced its long-awaited list of updates and additions to Starfield, which fans have…
Bethesda director Todd Howard is tired of being asked about The Elder Scrolls 6, and…
Bethesda Game Studios carries a lot of history with it, so when I visited its…
It's par for the course for developer Bethesda to support its games post-launch with a…
This website uses cookies.