The vulnerabilities carry the maximum CVSS score of 10.0, indicating the most severe security risk possible.
Three distinct vulnerabilities tracked as CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337 affect Cisco ISE and ISE-PIC installations running versions 3.3 and 3.4.
These vulnerabilities enable unauthenticated remote attackers to execute arbitrary commands on the underlying operating system with root privileges, representing a complete system compromise.
The vulnerabilities stem from insufficient validation of user-supplied input in specific APIs within the ISE platform. Key details include:
CVE-2025-20282 presents a particularly concerning attack vector, allowing attackers to upload arbitrary files to affected devices and execute them with root privileges.
This vulnerability exists due to inadequate file validation checks that fail to prevent uploaded files from being placed in privileged directories on the system.
In July 2025, Cisco’s Product Security Incident Response Team detected attempted exploitation of these vulnerabilities in active network environments.
This discovery transforms the advisory from a theoretical security concern to an immediate operational threat, prompting Cisco to strongly emphasize the urgency of applying available fixes.
The exploitation attempts highlight the critical nature of these vulnerabilities for organizations relying on Cisco ISE for network access control and identity management.
Given that ISE typically operates as a central authentication and authorization service in enterprise networks, successful exploitation could provide attackers with extensive access to network resources and sensitive data.
The vulnerabilities were responsibly disclosed by security researchers Bobby Gould from Trend Micro Zero Day Initiative and Kentaro Kawane from GMO Cybersecurity by Ierae.
However, the timeline between disclosure and active exploitation underscores the rapid weaponization of critical infrastructure vulnerabilities.
Cisco has released software updates addressing all three vulnerabilities, but notably, no workarounds exist to mitigate the risk. Organizations must upgrade to fixed software releases to eliminate the security exposure.
For ISE version 3.3 deployments, administrators should upgrade to Release 3.3 Patch 7. Version 3.4 users need to install Release 3.4 Patch 2. Cisco has withdrawn earlier hot patches that provided incomplete protection, as they failed to address CVE-2025-20337.
The company emphasizes that customers running ISE Release 3.2 or earlier versions are not affected by these specific vulnerabilities.
However, given the critical nature of the vulnerabilities and confirmed exploitation activity, Cisco recommends immediate deployment of patches across all vulnerable systems.
Organizations should prioritize these updates as part of emergency maintenance windows, given the maximum severity rating and confirmed threat actor interest in exploiting these vulnerabilities.
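A patch-level triage check for the upgrade guidance above, as an added example that is not from Cisco or the original article. It assumes a hypothetical CSV inventory (`hostname,version,patch`) with constructed sample rows, and reports any release the article does not cover as `unknown` instead of guessing.

```python
import csv
import io

# Minimum fixed patch level per affected release, as stated in the article.
FIXED_PATCH = {(3, 3): 7, (3, 4): 2}

# Constructed sample inventory (hypothetical hostnames and export format).
SAMPLE_INVENTORY = """hostname,version,patch
ise-pan-01,3.3.0.430,6
ise-psn-01,3.3.0.430,7
ise-psn-02,3.4.0.608,
ise-psn-03,3.4.0.608,2
ise-pic-01,3.2.0.542,4
ise-lab-01,3.5.0.1,0
ise-lab-02,unknown,1
"""


def triage(version, patch):
    """Return 'vulnerable', 'fixed', 'not_affected' or 'unknown' for one node."""
    try:
        major, minor = (int(p) for p in version.strip().split(".")[:2])
    except ValueError:
        return "unknown"  # unparseable version: needs a manual check
    release = (major, minor)
    if release <= (3, 2):
        return "not_affected"  # 3.2 and earlier are not affected
    if release not in FIXED_PATCH:
        return "unknown"  # the article only covers 3.3 and 3.4
    try:
        # An empty field means no patch installed; treat it as patch 0.
        level = int((patch or "").strip() or 0)
    except ValueError:
        return "unknown"
    # Withdrawn hot patches do not count: only the full patch level matters.
    return "fixed" if level >= FIXED_PATCH[release] else "vulnerable"


def triage_inventory(text):
    """Map each hostname in the CSV text to its triage verdict."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["hostname"]: triage(r["version"], r["patch"]) for r in rows}


if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {verdict}")
```

Nodes reported as `unknown` should be checked by hand against Cisco's advisory.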
The post Critical Cisco ISE Vulnerabilities Actively Exploited in RCE Attacks appeared first on Cyber Security News.