Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks.
Although the vendor did not specify how they were being exploited or whether the attempts were successful, applying the security updates as soon as possible is now critical.
“In July 2025, the Cisco PSIRT became aware of attempted exploitation of some of these vulnerabilities in the wild,” reads the updated advisory.
“Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate these vulnerabilities.”
Cisco Identity Services Engine (ISE) is a platform that enables large organizations to control network access and enforce security policies.
The maximum severity flaws were first disclosed by the vendor on June 25, 2025 (CVE-2025-20281 and CVE-2025-20282) and July 16, 2025 (CVE-2025-20337).
Here’s a brief description of the issues:
- CVE-2025-20281: Critical unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). An attacker can send crafted API requests to execute arbitrary commands as root on the underlying OS, without authentication. Fixed in ISE 3.3 Patch 7 and 3.4 Patch 2.
- CVE-2025-20282: Critical unauthenticated arbitrary file upload and execution vulnerability in Cisco ISE and ISE-PIC Release 3.4. Lack of file validation allows attackers to upload malicious files into privileged directories and execute them as root. Fixed in ISE 3.4 Patch 2.
- CVE-2025-20337: Critical unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC. Exploitable via specially crafted API requests due to insufficient input validation, allowing attackers to gain root access without credentials. Fixed in ISE 3.3 Patch 7 and 3.4 Patch 2.
All three are rated at maximum severity (CVSS score: 10.0) and are remotely exploitable without requiring authentication, making them valuable targets for hackers seeking to gain a foothold on corporate networks.
Cisco previously released two separate hot patches for the three flaws due to the time difference in their discovery. To mitigate all of them at once, admins are recommended to take the following action:
- ISE 3.3 users must upgrade to Patch 7
- ISE 3.4 users must upgrade to Patch 2
Those on ISE 3.2 or earlier are not affected and do not need to take any action.
There are no workarounds for the three vulnerabilities, so applying the updates is the only recommended course of action.
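To apply this guidance across a fleet, the sketch below triages an inventory of ISE nodes against the fix levels listed above. It is an added example, not Cisco tooling; the inventory format (`hostname,release,patch`) and the host names are constructed for illustration, and nodes carrying only an earlier hot patch are treated as still needing the full patch.

```python
# Fix matrix taken from the article: release -> (first fixed patch, CVEs affecting it).
FIXED = {
    (3, 3): (7, ["CVE-2025-20281", "CVE-2025-20337"]),
    (3, 4): (2, ["CVE-2025-20281", "CVE-2025-20282", "CVE-2025-20337"]),
}

# Constructed sample inventory (hostname, release, installed patch); not real hosts.
SAMPLE_INVENTORY = """\
ise-pan-01,3.3,6
ise-psn-02,3.3,7
ise-psn-03,3.4,1
ise-psn-04,3.4,2
ise-lab-05,3.2,4
ise-lab-06,3.5,0
ise-bad-07,3.4,
"""

def triage(line):
    """Return (hostname, status, open_cves) for one inventory line."""
    fields = [f.strip() for f in line.split(",")]
    try:
        host, release, patch = fields
        major, minor = (int(p) for p in release.split("."))
        patch_no = int(patch)
    except ValueError:
        # Missing or malformed fields must not be silently treated as patched.
        return fields[0], "UNKNOWN: unparseable release/patch, check manually", []
    if (major, minor) <= (3, 2):
        return host, "NOT AFFECTED per advisory", []
    if (major, minor) not in FIXED:
        # The article gives no fix level for this release, so do not guess.
        return host, "UNKNOWN: release not covered by the article", []
    fixed_patch, cves = FIXED[(major, minor)]
    if patch_no >= fixed_patch:
        return host, "PATCHED", []
    return host, f"VULNERABLE: upgrade to {release} Patch {fixed_patch}", cves

def triage_inventory(text):
    """Triage every non-empty line of an inventory listing."""
    return [triage(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    for host, status, cves in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:12} {status} {' '.join(cves)}")
```

Nodes reported as UNKNOWN should be checked by hand rather than assumed safe.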




