Sunday, September 14, 2025

Maximum-severity ISE RCE flaws now exploited in attacks


Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks.

Although the vendor did not specify how they were being exploited or whether the attempts were successful, applying the security updates as soon as possible is now critical.

“In July 2025, the Cisco PSIRT became aware of attempted exploitation of some of these vulnerabilities in the wild,” reads the updated advisory.

“Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate these vulnerabilities.”

Cisco Identity Services Engine (ISE) is a platform that enables large organizations to control network access and enforce security policies.

The maximum-severity flaws were first disclosed by the vendor on June 25, 2025 (CVE-2025-20281 and CVE-2025-20282) and July 16, 2025 (CVE-2025-20337).

Here’s a brief description of the flaws:

CVE-2025-20281: Critical unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). An attacker can send crafted API requests to execute arbitrary commands as root on the underlying OS, without authentication. Fixed in ISE 3.3 Patch 7 and 3.4 Patch 2.

CVE-2025-20282: Critical unauthenticated arbitrary file upload and execution vulnerability in Cisco ISE and ISE-PIC Release 3.4. Lack of file validation allows attackers to upload malicious files into privileged directories and execute them as root. Fixed in ISE 3.4 Patch 2.

CVE-2025-20337: Critical unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC. Exploitable via specially crafted API requests due to insufficient input validation, allowing attackers to gain root access without credentials. Fixed in ISE 3.3 Patch 7 and 3.4 Patch 2.

All three are rated at maximum severity (CVSS score: 10.0) and are remotely exploitable without requiring authentication, making them valuable targets for hackers seeking to gain a foothold on corporate networks.

Cisco previously released two separate hot patches for the three flaws due to the time difference in their discovery. To mitigate all of them at once, admins are recommended to take the following action:

ISE 3.3 users should upgrade to Patch 7
ISE 3.4 users should upgrade to Patch 2

Those on ISE 3.2 or earlier are not affected and don’t need to take any action.

There are no workarounds for the three vulnerabilities, so applying the updates is the only recommended course of action.
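
As an added example (not part of the original article or of Cisco's advisory), the following Python script applies the fixed-release guidance above to a node inventory and reports which of the three CVEs each node is still exposed to. The CSV layout, hostnames and build strings are constructed for illustration; only the release and patch thresholds come from the article.

```python
import csv
import io

# Fixed-release matrix as stated in the article:
# (major, minor) release -> (first fixed patch, CVEs that apply to that release)
FIXED = {
    (3, 3): (7, ["CVE-2025-20281", "CVE-2025-20337"]),
    (3, 4): (2, ["CVE-2025-20281", "CVE-2025-20282", "CVE-2025-20337"]),
}

# Constructed sample inventory (hypothetical hostnames, builds and CSV layout).
SAMPLE_INVENTORY = """\
hostname,version,patch
ise-pan-01,3.3.0.430,7
ise-psn-02,3.3.0.430,5
ise-psn-03,3.4.0.608,
ise-psn-04,3.4.0.608,2
ise-lab-05,3.2.0.542,3
ise-new-06,3.5.0.100,
"""

def triage(version, patch):
    """Return (status, exposed_cves) for one node's release string and patch level."""
    try:
        parts = version.strip().split(".")
        release = (int(parts[0]), int(parts[1]))
        level = int(patch) if str(patch).strip() else 0  # blank = no patch installed
    except (ValueError, IndexError):
        return "unparseable", []
    if release <= (3, 2):            # article: ISE 3.2 or earlier is not affected
        return "not affected", []
    if release not in FIXED:         # article gives no threshold for this release
        return "not covered by article", []
    fixed_patch, cves = FIXED[release]
    if level >= fixed_patch:
        return "patched", []
    return "vulnerable", list(cves)

def triage_inventory(text):
    """Map hostname -> (status, exposed CVEs) for a CSV inventory."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["hostname"]: triage(r["version"], r["patch"]) for r in rows}

if __name__ == "__main__":
    for host, (status, cves) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status:24} {', '.join(cves)}")
```

Nodes reported as "not covered by article" or "unparseable" need a manual check against the vendor advisory rather than being treated as safe.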

