Ethical Hacking News
Cisco's Identity Services Engine (ISE) has been found to be vulnerable to a severe bug that allows for pre-auth command execution. This bug has a maximum severity rating and could allow unauthenticated attackers to execute arbitrary code or gain root privileges on vulnerable devices. Customers are urged to patch their systems immediately.
A critical vulnerability was discovered in Cisco's Identity Services Engine (ISE) on July 17, 2025. The bug has a maximum severity rating of 10 out of 10 and can be exploited by unauthenticated attackers. Inadequate user-supplied input validation checks are the cause of this vulnerability. A remote attacker could exploit this vulnerability to store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices. The vulnerability affects Cisco ISE and ISE-PIC versions 3.4 and 3.3.
On July 17, 2025, at 11:53 AM, a critical vulnerability was discovered in Cisco's Identity Services Engine (ISE) that allows for pre-auth command execution. This bug has been assigned the maximum severity rating of 10 out of 10 and has the potential to be exploited by unauthenticated attackers.
According to Bill Toulas, a tech writer and infosec news reporter, this vulnerability is caused by insufficient user-supplied input validation checks. Kentaro Kawane, a researcher at the Japanese cybersecurity service GMO Cybersecurity by Ierae, discovered this issue, which was then reported to Trend Micro's Zero Day Initiative (ZDI).
A remote unauthenticated attacker could leverage this vulnerability by submitting a specially crafted API request that would allow them to store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices. The vulnerability affects Cisco ISE and ISE-PIC versions 3.4 and 3.3, regardless of device configuration.
Additionally, Cisco warns that customers who applied the patches for CVE-2025-20281 and CVE-2025-20282 are not covered from CVE-2025-20337, and need to upgrade to ISE 3.3 Patch 7 or ISE 3.4 Patch 2.
While no exploitation of any of the three critical vulnerabilities has been observed in the wild as of yet, it is recommended that system administrators take immediate action to mitigate the risks.
Related Information:
https://www.ethicalhackingnews.com/articles/Max-Severity-Cisco-ISE-Bug-Allows-Pre-Auth-Command-Execution-Patch-Now-ehn.shtml
https://www.bleepingcomputer.com/news/security/max-severity-cisco-ise-bug-allows-pre-auth-command-execution-patch-now/
https://nvd.nist.gov/vuln/detail/CVE-2025-20337
https://www.cvedetails.com/cve/CVE-2025-20337/
https://nvd.nist.gov/vuln/detail/CVE-2025-20282
https://www.cvedetails.com/cve/CVE-2025-20282/
Published: Thu Jul 17 12:26:35 2025 by llama3.2 3B Q4_K_M
