
Cisco Patches Critical Vulnerabilities in Enterprise Security Product

Cisco on Wednesday announced patches for multiple vulnerabilities, including two critical-severity flaws in the Identity Services Engine (ISE) enterprise security solution.

The critical bugs, tracked as CVE-2025-20124 and CVE-2025-20125 and impacting ISE APIs, could allow a remote attacker authenticated with read-only administrative privileges to execute arbitrary commands on a vulnerable device.

Because user-supplied Java byte streams are insecurely deserialized, CVE-2025-20124 (CVSS score of 9.9) could allow an attacker to send crafted serialized Java objects to the vulnerable API to execute arbitrary commands and elevate privileges.

CVE-2025-20125 (CVSS score of 9.1) is due to a lack of authorization in an API and improper validation of user input, allowing an attacker to send crafted HTTP requests to the API and retrieve information, tamper with the device configuration, and reload the device.

Patches for these security defects were included in ISE versions 3.1P10, 3.2P7, and 3.3P4. Cisco says there are no workarounds for either of these bugs. Users are advised to update their ISE installations as soon as possible.
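As an added example (not Cisco tooling and not part of the original article), this Python script triages an ISE inventory against the fixed versions listed above. It assumes versions are written in the article's notation ("3.2P7"), that later patches on the same release train include the fix, and that any train the article does not list must be checked against Cisco's advisory; the hostnames and inventory are constructed.

```python
import re

# Fixed patch levels as stated in the article: release train -> first fixed patch.
FIXED_PATCH = {(3, 1): 10, (3, 2): 7, (3, 3): 4}

# Accepts the article's notation ("3.2P7") plus "3.2 Patch 7" and a bare "3.2".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s*p(?:atch)?\s*(\d+))?\s*$", re.IGNORECASE)


def parse_ise_version(text):
    """Return ((major, minor), patch) or raise ValueError on unparseable input."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    return (int(m.group(1)), int(m.group(2))), int(m.group(3) or 0)


def triage(version_text):
    """Classify one version as 'patched', 'needs-update', 'unlisted' or 'unparseable'."""
    try:
        train, patch = parse_ise_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED_PATCH.get(train)
    if fixed is None:
        # The article names no fixed release for this train; check the advisory.
        return "unlisted"
    # Assumption: patches are cumulative, so any later patch carries the fix.
    return "patched" if patch >= fixed else "needs-update"


def triage_inventory(inventory):
    """Map each hostname to its triage result; inventory is {hostname: version}."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ise-pan-01": "3.1P10",
    "ise-psn-02": "3.2P6",
    "ise-psn-03": "3.3 Patch 4",
    "ise-lab-04": "3.3",
    "ise-old-05": "3.0P8",
    "ise-bad-06": "unknown",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:12} {status}")
```

Hosts reported as "unlisted" or "unparseable" need manual review rather than being treated as safe.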

On Wednesday, the tech giant also warned of multiple high-severity vulnerabilities in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS, IOS XE, and IOS XR that could allow remote, authenticated attackers to cause a denial-of-service (DoS) condition.

Tracked as CVE-2025-20169 to CVE-2025-20176, the flaws exist because errors are improperly handled when SNMP requests are parsed, allowing attackers to send crafted SNMP requests and cause devices to reload unexpectedly, resulting in a DoS condition.

Cisco says there are no workarounds for these vulnerabilities, which were reported through the Trend Micro Zero Day Initiative, but has released mitigations and is working on patches that are expected to roll out in February and March.

The company also announced fixes for multiple medium-severity vulnerabilities in ISE, Expressway series devices, Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance, that could lead to malicious file downloads, information leaks, command execution, and cross-site scripting (XSS) attacks.

Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company's security advisories page.
