The vulnerabilities carry the maximum CVSS score of 10.0, indicating the most severe security risk possible.
Three distinct vulnerabilities, tracked as CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337, affect Cisco ISE.
These vulnerabilities enable unauthenticated remote attackers to execute arbitrary commands on the underlying operating system with root privileges, representing a complete system compromise.
The vulnerabilities stem from insufficient validation of user-supplied input in specific APIs within the ISE platform. Key details include:
CVE-2025-20282 presents a particularly concerning attack vector, allowing attackers to upload arbitrary files to affected devices and execute them with root privileges.
This vulnerability exists due to inadequate file validation checks that fail to prevent uploaded files from being placed in privileged directories on the system.
In July 2025, Cisco’s Product Security Incident Response Team detected attempted exploitation of these vulnerabilities in active network environments.
This discovery transforms the advisory from a theoretical security concern to an immediate operational threat, prompting Cisco to strongly emphasize the urgency of applying available fixes.
The exploitation attempts highlight the critical nature of these vulnerabilities for organizations relying on Cisco ISE for network access control and identity management.
Given that ISE typically operates as a central authentication and authorization service in enterprise networks, successful exploitation could provide attackers with extensive access to network resources and sensitive data.
The vulnerabilities were responsibly disclosed by security researchers Bobby Gould from Trend Micro Zero Day Initiative and Kentaro Kawane from GMO Cybersecurity by Ierae.
However, the timeline between disclosure and active exploitation underscores the rapid weaponization of critical infrastructure vulnerabilities.
Cisco has released software updates addressing all three vulnerabilities, but notably, no workarounds exist to mitigate the risk. Organizations must upgrade to fixed software releases to eliminate the security exposure.
For ISE version 3.3 deployments, administrators should upgrade to Release 3.3 Patch 7. Version 3.4 users need to install Release 3.4 Patch 2. Cisco has withdrawn earlier hot patches that provided incomplete protection, as they failed to address CVE-2025-20337.
The company emphasizes that customers running ISE Release 3.2 or earlier versions are not affected by these specific vulnerabilities.
However, given the critical nature of the vulnerabilities and confirmed exploitation activity, Cisco recommends immediate deployment of patches across all vulnerable systems.
Organizations should prioritize these updates as part of emergency maintenance windows, given the maximum severity rating and confirmed threat actor interest in exploiting these vulnerabilities.
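The upgrade guidance above can be turned into a quick inventory triage. The following is an added example, not code from Cisco or from the original article: the fixed patch levels are the ones stated above, while the hostnames, version strings and inventory layout are constructed for illustration.

```python
# Fixed patch levels as stated in the article; everything else is constructed.
FIXED_PATCH = {(3, 3): 7, (3, 4): 2}  # release -> first patch fixing all three CVEs

def triage(version, patch):
    """Return (status, required_patch) for one ISE node."""
    try:
        major, minor = (int(p) for p in version.strip().split(".")[:2])
    except ValueError:
        return ("unknown", None)          # unparseable version string
    if (major, minor) <= (3, 2):
        return ("not_affected", None)     # article: 3.2 and earlier are not affected
    required = FIXED_PATCH.get((major, minor))
    if required is None:
        return ("unknown", None)          # release not covered by the article
    return ("fixed" if patch >= required else "vulnerable", required)

def upgrade_plan(inventory):
    """Return [(host, required_patch, note)] for nodes that need attention."""
    plan = []
    for host, version, patch, hot_patch in inventory:
        status, required = triage(version, patch)
        if status == "vulnerable":
            # A hot patch never counts as fixed: the earlier hot patches were
            # withdrawn because they did not address CVE-2025-20337.
            note = "withdrawn hot patch present, full patch still required" if hot_patch else ""
            plan.append((host, required, note))
        elif status == "unknown":
            plan.append((host, None, "release not listed, check the vendor advisory"))
    return plan

# Constructed sample inventory: (hostname, release, patch level, hot patch installed)
INVENTORY = [
    ("ise-pan-01", "3.3.0", 6, True),
    ("ise-psn-01", "3.3.0", 7, False),
    ("ise-psn-02", "3.4.0", 1, False),
    ("ise-mnt-01", "3.2.0", 5, False),
    ("ise-lab-01", "3.5.0", 0, False),
]

if __name__ == "__main__":
    for host, required, note in upgrade_plan(INVENTORY):
        print(host, "-> Patch", required, "|", note)
```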
The post Critical Cisco ISE Vulnerabilities Actively Exploited in RCE Attacks appeared first on Cyber Security News.