Image: Chor muang/Adobe Stock
Three separate vulnerabilities impact Cisco’s identity services. All have been patched.
Severe vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated remote attacker to issue commands with root privileges, Cisco said in an advisory on July 17.
Cisco released multiple patches for the issues, including an expanded fix for specific software versions.
The vulnerabilities were reported by Bobby Gould of Trend Micro Zero Day Initiative and Kentaro Kawane of GMO Cybersecurity by Ierae, working with Trend Micro Zero Day Initiative.
Cisco’s patches address three vulnerabilities: CVE-2025-20281, CVE-2025-20337, and CVE-2025-20282. All are arbitrary code execution vulnerabilities, but they are not related to each other and do not need to be exploited together to be effective.
CVE-2025-20281 and CVE-2025-20337 open up Cisco ISE and Cisco ISE-PIC to remote code execution. An attacker could submit a crafted API request that took advantage of the insufficient validation of user-supplied input. This could grant root-level privileges.
CVE-2025-20282 affects Cisco ISE and ISE-PIC Release 3.4. With it, an attacker could have uploaded a crafted file to the device. Due to a lack of file validation, the file could be placed in privileged directories, allowing the attacker to execute arbitrary code or gain root access.
Cisco said it is not aware of any active exploitation of these vulnerabilities.
Your Cisco ISE is patched against these vulnerabilities if it is running the following versions:
Cisco released hot patches prior to these, but they have been superseded by the versions listed above. The company has also provided guides on how to apply updates.
In related cybersecurity news, about a month ago Talos, Cisco’s security intelligence division, discovered a threat actor group using the promise of generative AI as a bait to distribute malware. The attackers used a spoofed version of a real business’ website to distribute the ransomware strain called CyberLock, which locked specific documents on the victims’ computer. The fake site promised a downloadable version of ChatGPT.
Separately, in a broader push for cybersecurity education, Cisco in March launched a digital skills training initiative across the European Union. The free courses, offered through Cisco’s Networking Academy, aim to equip more individuals with essential skills in networking and cybersecurity.
Read more about important patches, this one for a remote code execution vulnerability in Microsoft SharePoint.
Megan Crouse has a decade of experience in business-to-business news and feature writing, including as first a writer and then the editor of Manufacturing.net. Her news and feature stories have appeared in Military & Aerospace Electronics, Fierce Wireless, TechRepublic, and eWeek. She copyedited cybersecurity news and features at Security Intelligence. She holds a degree in English Literature and minored in Creative Writing at Fairleigh Dickinson University.
