268/68 Thursday, July 24, 2025

Cisco has issued a cybersecurity advisory for three critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products that are being actively exploited. All three carry the maximum CVSS score of 10.0 and allow unauthenticated remote code execution (RCE), letting an attacker take full control of an affected system with root privileges. Cisco's Product Security Incident Response Team (PSIRT) confirmed that it observed exploitation attempts against these flaws in July 2025, although details of the attacks and attribution to specific threat actors have not been disclosed. Cisco urges immediate patching to limit potential damage.
Details of the vulnerabilities are as follows:
- CVE-2025-20281: An unauthenticated RCE vulnerability in Cisco ISE and ISE-PIC, allowing attackers to send specially crafted API requests to execute arbitrary commands with root privileges on the target operating system. (Fixed in ISE 3.3 Patch 7 and ISE 3.4 Patch 2)
- CVE-2025-20282: Allows attackers to upload malicious files into high-privilege directories and execute them. Affects only Cisco ISE / ISE-PIC version 3.4. (Fixed in ISE 3.4 Patch 2)
- CVE-2025-20337: Another unauthenticated RCE vulnerability similar to CVE-2025-20281, enabling root access via specially crafted API requests. (Fixed in ISE 3.3 Patch 7 and ISE 3.4 Patch 2)
Cisco confirms that no workarounds are currently available for these vulnerabilities. As a precaution, administrators and users are strongly advised to apply the following updates immediately:
- For ISE 3.3, install Patch 7
- For ISE 3.4, install Patch 2
Versions prior to ISE 3.2 are not affected by these vulnerabilities.
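To turn the fixed-patch levels above into a triage pass over an ISE fleet, here is an added example (not Cisco's code or tooling) that maps each node's recorded version to the CVEs still open on it and the patch that closes them. The hostnames, the inventory dict and the "3.4 Patch 1" / "3.3 p5" version notation are assumptions for illustration; the script does not parse real `show version` output.

```python
import re

# Fixed patch level per release train, taken from the advisory text:
# CVE -> {release train: first patch that fixes it}
FIXED_PATCH = {
    "CVE-2025-20281": {"3.3": 7, "3.4": 2},
    "CVE-2025-20282": {"3.4": 2},
    "CVE-2025-20337": {"3.3": 7, "3.4": 2},
}

# Assumed inventory notation: "3.4 Patch 1", "3.3 p5" or just "3.3" (no patch)
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s*(?:patch|p)\s*(\d+))?\s*$", re.I)


def parse_version(text):
    """Return (train, patch) for a version string, e.g. ("3.4", 1)."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    return f"{m.group(1)}.{m.group(2)}", int(m.group(3) or 0)


def outstanding_cves(version_text):
    """CVEs still open on this node, mapped to the patch level that closes them.
    A train absent from FIXED_PATCH yields nothing: the advisory lists no fix
    for it, so confirm such trains against Cisco's own affected-version table."""
    train, patch = parse_version(version_text)
    return {cve: fixes[train] for cve, fixes in FIXED_PATCH.items()
            if train in fixes and patch < fixes[train]}


def triage(inventory):
    """inventory: {hostname: version string} -> {hostname: action line}."""
    report = {}
    for host, version in inventory.items():
        train, _ = parse_version(version)
        open_cves = outstanding_cves(version)
        if not open_cves:
            report[host] = "ok: no outstanding CVEs from this advisory"
        else:
            needed = max(open_cves.values())  # highest patch closes all of them
            report[host] = (f"PATCH NOW: install ISE {train} Patch {needed} "
                            f"(open: {', '.join(sorted(open_cves))})")
    return report


# Constructed sample inventory (hostnames and versions are made up)
SAMPLE_INVENTORY = {
    "ise-pan-01": "3.4 Patch 1",
    "ise-psn-02": "3.3 Patch 7",
    "ise-psn-03": "3.3 p5",
    "ise-pic-01": "3.1 Patch 9",
}

if __name__ == "__main__":
    for host, line in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {line}")
```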