Hackers are focusing on essential vulnerabilities in Cisco Identification Providers Engine (ISE) and ISE Passive Identification Connector (ISE-PIC), lower than a month after patches had been rolled out.
On June 25, Cisco warned that two flaws in ISE and ISE-PIC might permit distant, unauthenticated attackers to execute arbitrary code on the underlying working system, with root privileges.
Final week, Cisco up to date its advisory to warn that, along with the initially found points, tracked as CVE-2025-20281 and CVE-2025-20282 (CVSS rating of 10/10), a 3rd bug, tracked as CVE-2025-20337 and equally extreme, was recognized within the susceptible merchandise.
CVE-2025-20281 and CVE-2025-20337 have an effect on a selected API and exist as a result of user-supplied enter is insufficiently validated. CVE-2025-20282 impacts one other API and exists as a result of inadequate validation checks permit for uploaded recordsdata to be positioned in privileged directories.
Attackers might exploit these points by submitting crafted API requests and by importing crafted recordsdata, permitting them to execute arbitrary instructions and code, with root privileges.
On Tuesday, Cisco up to date its advisory once more, to warn that risk actors have began focusing on these vulnerabilities within the wild.
“In July 2025, the Cisco PSIRT turned conscious of tried exploitation of a few of these vulnerabilities within the wild. Cisco continues to strongly suggest that prospects improve to a hard and fast software program launch to remediate these vulnerabilities,” the corporate notes.
The three flaws have an effect on Cisco ISE and ISE-PIC variations 3.3 and three.4, and had been addressed in ISE and ISE-PIC variations 3.3 Patch 7 and three.4 Patch 2. Variations 3.2 and earlier of the home equipment are usually not affected.Commercial. Scroll to proceed studying.
Cisco recommends that prospects who beforehand put in ISE model 3.3 Patch 6 and the beforehand launched sizzling patches replace to totally patched releases, as they comprise fixes for CVE-2025-20337 as nicely.
All three safety defects had been reported by the Development Micro Zero Day Initiative, Cisco says. The corporate has kept away from sharing particulars on the noticed exploitation makes an attempt.
Associated: Cisco Warns of Hardcoded Credentials in Enterprise Software program
Associated: Excessive-Severity Vulnerabilities Patched by Cisco, Atlassian
Associated: Cisco Patches Vital ISE Vulnerability With Public PoC
Associated: Technical Particulars Printed for Vital Cisco IOS XE Vulnerability
