Cisco has disclosed a number of critical security vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow unauthenticated remote attackers to execute arbitrary commands with root privileges on affected systems.
The vulnerabilities, assigned CVE identifiers CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337, all carry the maximum CVSS score of 10.0, indicating the most severe level of risk.
Vulnerability Summary
CVE ID | Affected Versions | Patched Versions | Description
CVE-2025-20281 | ISE/ISE-PIC 3.3, 3.4 | 3.3 Patch 7, 3.4 Patch 2 | Unauthenticated remote code execution via an API due to insufficient input validation
CVE-2025-20282 | ISE/ISE-PIC 3.4 only | 3.4 Patch 2 | File upload vulnerability allowing arbitrary file execution with root privileges
CVE-2025-20337 | ISE/ISE-PIC 3.3, 3.4 | 3.3 Patch 7, 3.4 Patch 2 | Unauthenticated remote code execution via an API due to insufficient input validation
The three vulnerabilities stem from insufficient input validation in specific APIs within Cisco ISE and ISE-PIC systems. CVE-2025-20281 and CVE-2025-20337 affect both release versions 3.3 and 3.4, whereas CVE-2025-20282 affects only version 3.4.
Crucially, these flaws do not require any authentication, making them particularly dangerous: attackers need no valid credentials to exploit them.
The first two vulnerabilities allow attackers to execute arbitrary code by submitting crafted API requests, owing to insufficient validation of user-supplied input.
CVE-2025-20282 presents a different attack vector, enabling attackers to upload arbitrary files to privileged directories and subsequently execute them with root privileges.
This vulnerability exploits a lack of file validation checks that would normally prevent malicious file placement in critical system directories.
Affected Systems and Scope
The vulnerabilities only affect Cisco ISE and ISE-PIC releases 3.3 and 3.4, regardless of device configuration. Organizations running version 3.2 or earlier are not vulnerable to these specific security flaws.
Given that ISE serves as a critical network access control and policy enforcement platform in many enterprise environments, the potential for widespread impact is significant.
The independent nature of these vulnerabilities means that exploitation of one does not require exploitation of another, potentially offering multiple attack vectors for malicious actors.
The network-accessible nature of these flaws, combined with their unauthenticated exploitability, creates an urgent security situation for affected organizations.
Cisco has released software updates to address all three vulnerabilities; no workarounds are available. The company strongly recommends upgrading to Release 3.3 Patch 7 for version 3.3 customers or Release 3.4 Patch 2 for version 3.4 customers.
Organizations currently running Release 3.4 Patch 2 require no further action, whereas those on Release 3.3 Patch 6 must upgrade to Patch 7.
Notably, Cisco has deprecated the previously released hot patches (ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz and ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz) because they failed to address CVE-2025-20337. Organizations using these hot patches must upgrade to the full patch releases.
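The patch guidance above maps directly onto a fleet check. The following is an added example, not Cisco's code or tooling: it parses ISE version strings as an administrator might record them in an inventory (the inventory format and hostnames are constructed here), compares each node against the fixed patch levels from this advisory, and flags nodes that rely only on the deprecated hot patches.

```python
import re

# Fixed patch levels per release train, taken from the advisory (ISE and ISE-PIC).
FIXED_PATCH = {"3.3": 7, "3.4": 2}

# Hot patches Cisco deprecated because they do not cover CVE-2025-20337.
DEPRECATED_HOT_PATCHES = {
    "ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz",
    "ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz",
}

# Accepts "3.3", "3.3 Patch 6", "3.4.0.608 patch1"; assumed inventory notation.
_VER_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\.\d+(?:\.\d+)?)?(?:\s*patch\s*(\d+))?$", re.IGNORECASE
)


def parse_version(text: str) -> tuple[str, int]:
    """Return (release train, patch level); patch level 0 when none is recorded."""
    match = _VER_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    major, minor, patch = match.groups()
    return f"{major}.{minor}", int(patch or 0)


def assess(version: str, installed_hot_patches=()) -> dict:
    """Classify one node as not_affected, patched, or vulnerable with the required upgrade."""
    train, patch = parse_version(version)
    if train not in FIXED_PATCH:
        return {"status": "not_affected", "action": None}
    needed = FIXED_PATCH[train]
    if patch >= needed:
        return {"status": "patched", "action": None}
    action = f"upgrade to {train} Patch {needed}"
    # A deprecated hot patch does not change the verdict; it only explains why.
    if set(installed_hot_patches) & DEPRECATED_HOT_PATCHES:
        action += " (installed hot patch does not cover CVE-2025-20337)"
    return {"status": "vulnerable", "action": action}


def assess_inventory(nodes) -> dict:
    """nodes: iterable of (hostname, version string, installed hot patch names)."""
    return {host: assess(ver, hot) for host, ver, hot in nodes}


if __name__ == "__main__":
    # Constructed sample inventory covering the cases the advisory describes.
    sample = [
        ("ise-pan-1", "3.4 Patch 2", []),
        ("ise-psn-2", "3.3 Patch 6", []),
        ("ise-psn-3", "3.3.0.430 patch4", ["ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz"]),
        ("ise-legacy", "3.2 Patch 5", []),
    ]
    for host, result in assess_inventory(sample).items():
        print(f"{host}: {result['status']} {result['action'] or ''}".rstrip())
```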
The vulnerabilities were discovered through responsible disclosure by security researchers Bobby Gould of Trend Micro Zero Day Initiative and Kentaro Kawane of GMO Cybersecurity by Ierae.
Cisco's Product Security Incident Response Team reports no evidence of public exploitation or malicious use of these vulnerabilities at the time of disclosure.
Organizations using affected Cisco ISE systems should prioritize immediate patching, given the critical nature of these vulnerabilities and the potential for full system compromise.