Skip to content
  • Blog Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form

Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access

Posted on July 22, 2025July 22, 2025 By CWS

Jul 22, 2025Ravie LakshmananNetwork Safety / Vulnerability
Cisco on Monday up to date its advisory of a set of lately disclosed safety flaws in Id Providers Engine (ISE) and ISE Passive Id Connector (ISE-PIC) to acknowledge energetic exploitation.
“In July 2025, the Cisco PSIRT [Product Security Incident Response Team], grew to become conscious of tried exploitation of a few of these vulnerabilities within the wild,” the corporate stated in an alert.
The community gear vendor didn’t disclose which vulnerabilities have been weaponized in real-world assaults, the identification of the menace actors exploiting them, or the dimensions of the exercise.Cisco ISE performs a central function in community entry management, managing which customers and gadgets are allowed onto company networks and underneath what situations. A compromise at this layer may give attackers unrestricted entry to inside programs, bypassing authentication controls and logging mechanisms—turning a coverage engine into an open door.
The vulnerabilities outlined within the alert are all critical-rated bugs (CVSS scores: 10.0) that would enable an unauthenticated, distant attacker to problem instructions on the underlying working system as the foundation person –

CVE-2025-20281 and CVE-2025-20337 – A number of vulnerabilities in a selected API that would enable an unauthenticated, distant attacker to execute arbitrary code on the underlying working system as root
CVE-2025-20282 – A vulnerability in an inside API that would enable an unauthenticated, distant attacker to add arbitrary recordsdata to an affected gadget after which execute these recordsdata on the underlying working system as root

Whereas the primary two flaws are the results of inadequate validation of user-supplied enter, the latter stems from a scarcity of file validation checks that may forestall uploaded recordsdata from being positioned in privileged directories on an affected system.
Consequently, an attacker may leverage these shortcomings by submitting a crafted API request (for CVE-2025-20281 and CVE-2025-20337) or importing a crafted file to the affected gadget (for CVE-2025-20282).
In mild of energetic exploitation, it is important that prospects improve to a hard and fast software program launch as quickly as doable to remediate these vulnerabilities. These flaws are exploitable remotely with out authentication, putting unpatched programs at excessive danger of pre-auth distant code execution—a top-tier concern for defenders managing essential infrastructure or compliance-driven environments.Safety groups must also overview system logs for suspicious API exercise or unauthorized file uploads, particularly in externally uncovered deployments.

The Hacker News Tags:Access, Active, Cisco, Confirms, Enabling, Exploits, Flaws, ISE, Root, Targeting, Unauthenticated

Post navigation

Previous Post: Critical Sophos Firewall Vulnerabilities Enables pre-auth Remote Code Execution
Next Post: Vulnerabilities Expose Helmholz Industrial Routers to Hacking

Related Posts

Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group The Hacker News
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability The Hacker News
Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide The Hacker News
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction The Hacker News
Automation Is Redefining Pentest Delivery The Hacker News
New China-Linked Hacker Group Hits Governments With Stealth Malware The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical Argument Injection Vulnerability in Popular AI Agents Let Attackers Execute Remote Code
  • TARmageddon Flaw in Popular Rust Library Leads to RCE
  • New Tykit Phishing Kit Mimics Microsoft 365 Login Pages to Steal Corporate Account Credentials
  • Critical Vulnerabilities Patched in TP-Link’s Omada Gateways
  • Multiple Gitlab Security Vulnerabilities Let Attackers Trigger DoS Condition

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical Argument Injection Vulnerability in Popular AI Agents Let Attackers Execute Remote Code
  • TARmageddon Flaw in Popular Rust Library Leads to RCE
  • New Tykit Phishing Kit Mimics Microsoft 365 Login Pages to Steal Corporate Account Credentials
  • Critical Vulnerabilities Patched in TP-Link’s Omada Gateways
  • Multiple Gitlab Security Vulnerabilities Let Attackers Trigger DoS Condition

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News