Ethical Hacking News
Cisco has released critical updates to address two severe security flaws in their Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products. The vulnerabilities, which carry a CVSS score of 10.0 each, allow unauthenticated attackers to gain root access via remote code execution. Users are advised to apply the latest patches as soon as possible to safeguard against potential threats.
Cisco has released updates to address two critical security flaws in their Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products. CVE-2025-20281: Unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC releases 3.3 and later, with a CVSS score of 10.0. CVE-2025-20282: Unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC release 3.4, also with a CVSS score of 10.0. No workarounds are available for these vulnerabilities; users must apply the latest patches as soon as possible to safeguard against potential threats.
Cisco has recently released updates to address two critical security flaws in their Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) products. The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each, indicating that they are of extremely high severity.
The first vulnerability, CVE-2025-20281, is an unauthenticated remote code execution (RCE) vulnerability affecting Cisco ISE and ISE-PIC releases 3.3 and later. This means that an attacker with minimal access to the system can execute arbitrary code on the underlying operating system as root. The vulnerability stems from insufficient validation of user-supplied input, which an attacker could exploit by sending a crafted API request to obtain elevated privileges and run commands.
In contrast, CVE-2025-20282 is also an unauthenticated RCE vulnerability affecting Cisco ISE and ISE-PIC release 3.4. This vulnerability is caused by a lack of file validation checks that would otherwise prevent the uploaded files from being placed in privileged directories. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.
It's worth noting that there are no workarounds that address the issues, meaning that users will need to apply the latest patches as soon as possible to safeguard against potential threats. The patches for CVE-2025-20281 have been released in Cisco ISE or ISE-PIC 3.3 Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz), while the patch for CVE-2025-20282 has been released in Cisco ISE or ISE-PIC 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz).
The vulnerabilities were discovered by Bobby Gould of Trend Micro Zero Day Initiative and Kentaro Kawane of GMO Cybersecurity, who have been acknowledged by Cisco for their findings. This is not the first time that Kawane has discovered a security vulnerability in Cisco products, as he previously reported CVE-2025-20286 (CVSS score: 9.9).
While there is currently no evidence that these vulnerabilities have been exploited in the wild, it's essential that users take immediate action to apply the latest patches and ensure that their systems are protected against potential threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-ISE-and-ISE-PIC-Vulnerabilities-A-Threat-to-Network-Security-ehn.shtml
https://thehackernews.com/2025/06/critical-rce-flaws-in-cisco-ise-and-ise.html
https://nvd.nist.gov/vuln/detail/CVE-2025-20281
https://www.cvedetails.com/cve/CVE-2025-20281/
https://nvd.nist.gov/vuln/detail/CVE-2025-20282
https://www.cvedetails.com/cve/CVE-2025-20282/
https://nvd.nist.gov/vuln/detail/CVE-2025-20286
https://www.cvedetails.com/cve/CVE-2025-20286/
Published: Thu Jun 26 10:49:56 2025 by llama3.2 3B Q4_K_M
