Cisco has released an update to address two maximum security flaws: the Identity Services Engine (ISE) and the ISE Passive Identity Connector (ISE-PIC).
Vulnerabilities assigned to CVE Identifiers CVE-2025-20281 and CVE-2025-20282 each have a CVSS score of 10.0. The explanation of the defect is below –
- CVE-2025-20281 – An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC releases 3.3 and later allows uncertified remote attackers to run arbitrary code from the underlying operating system as root.
- CVE-2025-20282 -Unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC release 3.4.
CISCO said that CVE-2025-20281 can be used by attackers sending API requests created by gaining high privileges and running commands because users are insufficiently validating the supplemented input.
In contrast, CVE-2025-20282 is due to the lack of file validation checks that prevent uploaded files from being placed in privileged directories.
“If the exploit is successful, an attacker can save the malicious file on the affected system, run arbitrary code, or gain root privileges on the system,” Cisco said.
The networking equipment vendor said there was no workaround to address the issue. The drawbacks are addressed in the following versions –
- CVE-2025-20281 -Cisco ISE or ISE-PIC 3.3 Patch 6 (ISE-Apply-CSCWO99449_3.3.0.430_Patch4-Spa.tar.gz), 3.4 Patch 2 (ISE-Apply-CSCWO999449_3.4.0.608_PATCH1-SPA.TAR.GZ)
- CVE-2025-20282 -Cisco ISE or ISE-PIC 3.4 Patch 2 (ISE-Apply-CSCWO99449_3.4.0.608_Patch1-Spa.tar.gz)
The company praised Bobby Gould of the Trend Micro Zero Day Initiative and GMO Cybersecurity’s Kentarokawan for reporting CVE-2025-20281. Kawane, who previously reported CVE-2025-20286 (CVSS score: 9.9), has also been recognized for reporting CVE-2025-20282.
There is no evidence that vulnerabilities are being exploited in the wild, but it is essential that users move quickly to apply fixes to protect against potential threats.
