Cisco Identity Services Engine Vulnerability Enables Remote Attackers

Cisco has disclosed two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that enable unauthenticated remote code execution (RCE) with root privileges.

Both flaws carry maximum CVSS scores of 10.0, indicating severe risk to unpatched systems.

The vulnerabilities allow attackers to completely compromise affected devices without authentication.

Technical Analysis of Exploitation Vectors

CVE-2025-20281 stems from insufficient input validation in a specific API.

Attackers can exploit this by sending crafted API requests to execute arbitrary commands as the root user. This affects ISE and ISE-PIC releases 3.3 and later.

CVE-2025-20282 involves an internal API flaw allowing file uploads to privileged directories. Attackers can upload malicious files and execute them as root, affecting only version 3.4.

Both vulnerabilities are independently exploitable and require no user interaction.

Successful exploitation grants full system control, enabling lateral movement within networks.

The CVSS vectors reflect their critical nature:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products and Remediation

| Product Version | CVE-2025-20281 Impact | CVE-2025-20282 Impact | Fixed Release |
|---|---|---|---|
| 3.2 and earlier | Not vulnerable | Not vulnerable | N/A |
| 3.3 | Vulnerable | Not vulnerable | Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz) |
| 3.4 | Vulnerable | Vulnerable | Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz) |

No workarounds exist; patching is the only mitigation.

Organizations should immediately apply relevant patches through Cisco’s standard update channels.

Version 3.4 requires patching for both vulnerabilities, while 3.3 only needs resolution for CVE-2025-20281.

Global Security Response

Security agencies worldwide—including Singapore’s CSA, Canada’s Cyber Centre, and the MS-ISAC—have issued alerts urging immediate action.

Cisco confirmed no active exploits but emphasized the criticality of these flaws in security policy enforcement systems.

Researchers from Trend Micro Zero Day Initiative and GMO Cybersecurity discovered the vulnerabilities, highlighting ongoing scrutiny of network infrastructure security.

Administrators should prioritize updating ISE deployments, particularly those exposed to untrusted networks.

The absence of authentication requirements makes these flaws especially dangerous for perimeter security systems.

The post Cisco Identity Services Engine Vulnerability Enables Remote Attackers appeared first on Cyber Security News.
