Ethical Hacking News
Cisco has issued a warning that three recently patched critical RCE flaws in its Identity Services Engine (ISE) are now being actively exploited in attacks. Organizations with ISE deployments must upgrade to the latest software release as soon as possible to remediate these vulnerabilities.
Cisco has warned its enterprise network customers that three recently patched critical vulnerabilities are being actively exploited in attacks. The vulnerabilities, CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337, can grant malicious actors control over a network's infrastructure. Cisco recommends upgrading to fixed software releases to remediate the vulnerabilities, as there are no workarounds available. Admins must follow specific upgrade paths: ISE 3.2 users do not need to act, while ISE 3.3 and 3.4 users must upgrade to Patch 7 and Patch 2 respectively.
Cisco has issued a stark warning to its enterprise network customers, alerting them that three recently patched critical remote code execution (RCE) vulnerabilities in the Cisco Identity Services Engine (ISE) are now being actively exploited in attacks. This development underscores the importance of timely software updates and patch management for large organizations, as the consequences of falling victim to such exploits can be catastrophic.
The vulnerability in question, CVE-2025-20281, was first disclosed by Cisco on June 25, 2025, and is a critical unauthenticated remote code execution vulnerability in the Cisco ISE and its Passive Identity Connector (ISE-PIC). An attacker can send crafted API requests to execute arbitrary commands as root on the underlying operating system without authentication. This flaw has been fixed in Cisco ISE version 3.3 Patch 7 and 3.4 Patch 2.
The second vulnerability, CVE-2025-20282, is a critical unauthenticated arbitrary file upload and execution vulnerability in Cisco ISE and ISE-PIC Release 3.4. The lack of file validation allows attackers to upload malicious files into privileged directories and execute them as root. This flaw has also been fixed in Cisco ISE version 3.4 Patch 2.
The third vulnerability, CVE-2025-20337, is a critical unauthenticated remote code execution vulnerability affecting both Cisco ISE and ISE-PIC. The exploitability of this flaw lies in its reliance on insufficient input validation, allowing attackers to gain root access without credentials. Notably, this vulnerability has been fixed in both Cisco ISE version 3.3 Patch 7 and 3.4 Patch 2.
The implications of these exploits are severe, as they can grant malicious actors unparalleled control over a network's infrastructure. This is particularly concerning for organizations with sensitive data or critical services that rely on the stability and security provided by their ISE deployments.
In response to this threat, Cisco has strongly recommended that all customers upgrade to a fixed software release to remediate these vulnerabilities. The vendor has noted that there are no workarounds available for these exploits, emphasizing the necessity of applying updates as soon as possible to prevent unauthorized access and potential data breaches.
To mitigate all three vulnerabilities at once, admins are advised to follow specific upgrade paths:
ISE 3.2 or earlier users do not need to take any action.
ISE 3.3 users must upgrade to Patch 7
ISE 3.4 users must upgrade to Patch 2
The absence of workarounds underscores the importance of proactive patch management and timely software updates in mitigating such vulnerabilities.
In conclusion, this development serves as a stark reminder of the critical nature of IT infrastructure security. The exploitation of these three vulnerabilities highlights the imperative for organizations to prioritize their network's defenses and adhere to best practices for patch management. Failure to do so can result in severe consequences, including data breaches and compromised network integrity.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-Warns-of-Critical-ISE-Flaws-Being-Exploited-A-Cautionary-Tale-for-Enterprise-Networks-ehn.shtml
https://www.bleepingcomputer.com/news/security/cisco-maximum-severity-ise-rce-flaws-now-exploited-in-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2025-20281
https://www.cvedetails.com/cve/CVE-2025-20281/
https://nvd.nist.gov/vuln/detail/CVE-2025-20282
https://www.cvedetails.com/cve/CVE-2025-20282/
https://nvd.nist.gov/vuln/detail/CVE-2025-20337
https://www.cvedetails.com/cve/CVE-2025-20337/
Published: Tue Jul 22 10:56:28 2025 by llama3.2 3B Q4_K_M
