Ethical Hacking News
U.S. CISA has added three critical vulnerabilities in Cisco Identity Services Engine (ISE) and two in PaperCut NG/MF to its Known Exploited Vulnerabilities (KEV) catalog, leaving enterprise networks exposed to attacks exploiting these flaws.
Critical vulnerabilities in Cisco Identity Services Engine (ISE) and PaperCut NG/MF have been added to the U.S. CISA's Known Exploited Vulnerabilities (KEV) catalog. The most critical vulnerability, CVE-2025-20281, is a cross-site request forgery (CSRF) vulnerability that could allow an attacker to obtain root privileges on an affected device. A third critical vulnerability, CVE-2023-2533, is a CSRF vulnerability in PaperCut NG/MF with a CVSS score of 8.4. U.S. CISA has ordered federal agencies to address these vulnerabilities by August 18, 2025, emphasizing the importance of prompt patching and remediation.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added three critical vulnerabilities in Cisco Identity Services Engine (ISE) and two in PaperCut NG/MF to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the ongoing threat to modern enterprise networks. These newly added vulnerabilities pose significant risks to organizations that rely on these systems for their security and identity management needs.
The most critical vulnerability is CVE-2025-20281, a cross-site request forgery (CSRF) vulnerability in Cisco ISE/ISE-PIC that allows unauthenticated remote attackers to execute code as root via a vulnerable API. The flaw has been assigned a CVSS score of 10; successful exploitation gives the attacker root privileges on the affected device. The vulnerability is due to insufficient validation of user-supplied input, and an attacker could exploit it by submitting a crafted API request.
Another critical vulnerability, CVE-2025-20337, allows unauthenticated remote attackers to execute arbitrary code on the underlying operating system with root privileges. This flaw has also been assigned a CVSS score of 10 and is similar in nature to CVE-2025-20281. The vulnerability is due to insufficient validation of user-supplied input, and an attacker could exploit it by submitting a crafted API request.
A third critical vulnerability, CVE-2023-2533, is a CSRF vulnerability in PaperCut NG/MF that, under specific conditions, could potentially allow an attacker to alter security settings or execute arbitrary code. The CVSS score for this vulnerability is 8.4, indicating that it poses a significant threat to organizations relying on this system.
The U.S. CISA has ordered federal agencies to address these vulnerabilities by August 18, 2025, emphasizing the importance of prompt patching and remediation to protect their networks against attacks exploiting these flaws.
Cisco has confirmed attempted exploitation in the wild of the recently disclosed ISE and ISE-PIC flaws, underlining the ongoing threat to modern enterprise networks. The company detected attacks in July 2025 and continues to strongly recommend that customers upgrade to a fixed software release to remediate these vulnerabilities.
Experts also recommend that private organizations review the catalog and address these vulnerabilities in their infrastructure, as they may already have been exploited by threat actors.
Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, further emphasizes the importance of prompt action against identified vulnerabilities. Federal Civilian Executive Branch (FCEB) agencies are required to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
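A practical way to act on the catalog review recommended above is to match KEV entries against an asset inventory and track the BOD 22-01 due date. The following is an added example, not code from the article, CISA or either vendor; it uses a constructed sample in the shape of CISA's KEV JSON feed (the CVE IDs, products and 2025-08-18 due date are from the article; dateAdded and the other fields are placeholders) and a hypothetical inventory.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (not the live feed).
# CVE IDs, products and the 2025-08-18 due date come from the article; the
# dateAdded, description and ransomware fields are placeholders.
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-20281", "vendorProject": "Cisco",
     "product": "Identity Services Engine", "dateAdded": "2025-07-28",
     "shortDescription": "placeholder", "dueDate": "2025-08-18",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2025-20337", "vendorProject": "Cisco",
     "product": "Identity Services Engine", "dateAdded": "2025-07-28",
     "shortDescription": "placeholder", "dueDate": "2025-08-18",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-2533", "vendorProject": "PaperCut",
     "product": "PaperCut NG/MF", "dateAdded": "2025-07-28",
     "shortDescription": "placeholder", "dueDate": "2025-08-18",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-0000", "vendorProject": "ExampleVendor",
     "product": "Unrelated Product", "dateAdded": "2025-01-01",
     "shortDescription": "placeholder", "dueDate": "2025-01-22",
     "knownRansomwareCampaignUse": "Unknown"},
]})

# Hypothetical asset inventory: lower-cased (vendor, product) pairs in use.
INVENTORY = {("cisco", "identity services engine"), ("papercut", "papercut ng/mf")}

def load_kev(raw):
    """Parse KEV feed text and return its list of vulnerability entries."""
    return json.loads(raw)["vulnerabilities"]

def affecting_inventory(entries, inventory=INVENTORY):
    """Keep entries whose vendor/product pair is deployed (case-insensitive match)."""
    return [e for e in entries
            if (e["vendorProject"].lower(), e["product"].lower()) in inventory]

def remediation_status(entries, today):
    """Return (cveID, days until dueDate, 'open'|'overdue') sorted by due date, then ID."""
    today = date.fromisoformat(today) if isinstance(today, str) else today
    report = []
    for e in sorted(entries, key=lambda e: (e["dueDate"], e["cveID"])):
        days_left = (date.fromisoformat(e["dueDate"]) - today).days
        report.append((e["cveID"], days_left, "overdue" if days_left < 0 else "open"))
    return report

if __name__ == "__main__":
    hits = affecting_inventory(load_kev(SAMPLE_KEV_JSON))
    for cve, days, status in remediation_status(hits, date.today()):
        print(f"{cve}: {status} ({days} days until BOD 22-01 due date)")
```

Against the live feed, replace SAMPLE_KEV_JSON with the downloaded catalog text and INVENTORY with the organization's real vendor/product pairs.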
In conclusion, the addition of these critical vulnerabilities in Cisco ISE and PaperCut NG/MF to the KEV catalog highlights the ongoing threat landscape of modern enterprise networks. Organizations must take prompt action to remediate these vulnerabilities and protect their networks against potential exploitation by threat actors.
Related Information:
https://www.ethicalhackingnews.com/articles/US-CISA-Adds-Cisco-ISE-and-PaperCut-NGMF-Flaws-to-Known-Exploited-Vulnerabilities-Catalog-Leaving-Enterprise-Networks-Exposed-ehn.shtml
Published: Tue Jul 29 01:38:51 2025 by llama3.2 3B Q4_K_M