Jul 22, 2025Ravie LakshmananNetwork Safety / Vulnerability
Cisco on Monday up to date its advisory of a set of lately disclosed safety flaws in Id Providers Engine (ISE) and ISE Passive Id Connector (ISE-PIC) to acknowledge energetic exploitation.
“In July 2025, the Cisco PSIRT [Product Security Incident Response Team], grew to become conscious of tried exploitation of a few of these vulnerabilities within the wild,” the corporate stated in an alert.
The community gear vendor didn’t disclose which vulnerabilities have been weaponized in real-world assaults, the identification of the menace actors exploiting them, or the dimensions of the exercise.Cisco ISE performs a central function in community entry management, managing which customers and gadgets are allowed onto company networks and underneath what situations. A compromise at this layer may give attackers unrestricted entry to inside programs, bypassing authentication controls and logging mechanisms—turning a coverage engine into an open door.
The vulnerabilities outlined within the alert are all critical-rated bugs (CVSS scores: 10.0) that would enable an unauthenticated, distant attacker to problem instructions on the underlying working system as the foundation person –
CVE-2025-20281 and CVE-2025-20337 – A number of vulnerabilities in a selected API that would enable an unauthenticated, distant attacker to execute arbitrary code on the underlying working system as root
CVE-2025-20282 – A vulnerability in an inside API that would enable an unauthenticated, distant attacker to add arbitrary recordsdata to an affected gadget after which execute these recordsdata on the underlying working system as root
Whereas the primary two flaws are the results of inadequate validation of user-supplied enter, the latter stems from a scarcity of file validation checks that may forestall uploaded recordsdata from being positioned in privileged directories on an affected system.
Consequently, an attacker may leverage these shortcomings by submitting a crafted API request (for CVE-2025-20281 and CVE-2025-20337) or importing a crafted file to the affected gadget (for CVE-2025-20282).
In mild of energetic exploitation, it is important that prospects improve to a hard and fast software program launch as quickly as doable to remediate these vulnerabilities. These flaws are exploitable remotely with out authentication, putting unpatched programs at excessive danger of pre-auth distant code execution—a top-tier concern for defenders managing essential infrastructure or compliance-driven environments.Safety groups must also overview system logs for suspicious API exercise or unauthorized file uploads, particularly in externally uncovered deployments.
