Cyber Web Spider Blog – News

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

Posted on June 26, 2025 By CWS

Jun 26, 2025Ravie LakshmananVulnerability, Community Safety
Cisco has launched updates to deal with two maximum-severity safety flaws in Identification Providers Engine (ISE) and ISE Passive Identification Connector (ISE-PIC) that would allow an unauthenticated attacker to execute arbitrary instructions as the foundation consumer.
The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS rating of 10.0 every. An outline of the defects is beneath –

CVE-2025-20281 – An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC releases 3.3 and later that could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root
CVE-2025-20282 – An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC release 3.4 that could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute those files on the underlying operating system as root

Cisco said CVE-2025-20281 is the result of insufficient validation of user-supplied input, which an attacker could exploit by sending a crafted API request to obtain elevated privileges and run commands.

In contrast, CVE-2025-20282 stems from a lack of file validation checks that would otherwise prevent the uploaded files from being placed in privileged directories.

“A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system,” Cisco said.

The networking equipment vendor said there are no workarounds that address the issues. The shortcomings have been addressed in the below versions:

CVE-2025-20281 – Cisco ISE or ISE-PIC 3.3 Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz), 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz)
CVE-2025-20282 – Cisco ISE or ISE-PIC 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz)
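
To turn the affected and fixed releases above into a fleet check, the following added example (not from Cisco or the original article) triages an inventory of ISE nodes against the ranges exactly as this article states them. The inventory rows, hostnames and the `check_advisory` status are assumptions made for illustration.

```python
import csv
import io

# First fixed patch per release, exactly as listed in the article.
FIXED = {
    "CVE-2025-20281": {"3.3": 6, "3.4": 2},
    "CVE-2025-20282": {"3.4": 2},
}

def affected(cve, release):
    """Affected ranges as the article states them."""
    major_minor = tuple(int(p) for p in release.split(".")[:2])
    if cve == "CVE-2025-20281":
        return major_minor >= (3, 3)   # "releases 3.3 and later"
    return major_minor == (3, 4)       # CVE-2025-20282: "release 3.4"

def triage(release, patch):
    """Return {cve: status}: not_affected, vulnerable, fixed or check_advisory."""
    key = ".".join(release.split(".")[:2])
    result = {}
    for cve, fixed in FIXED.items():
        if not affected(cve, release):
            result[cve] = "not_affected"
        elif key not in fixed:
            # In the affected range, but the article lists no fixed patch.
            result[cve] = "check_advisory"
        elif patch >= fixed[key]:
            result[cve] = "fixed"
        else:
            result[cve] = "vulnerable"
    return result

# Constructed inventory: hostnames and patch levels are made up.
INVENTORY = """host,release,patch
ise-pan-01,3.4.0.608,1
ise-psn-02,3.3.0.430,6
ise-psn-03,3.2.0.542,4
ise-pic-04,3.4.0.608,2
"""

def triage_inventory(text=INVENTORY):
    """Triage every row of a host,release,patch CSV."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["host"]: triage(r["release"], int(r["patch"])) for r in rows}

if __name__ == "__main__":
    for host, status in triage_inventory().items():
        print(host, status)
```

Since there are no workarounds, any node reported as `vulnerable` needs the patch itself; `check_advisory` marks releases for which this article gives no fixed version.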

The company credited Bobby Gould of Trend Micro Zero Day Initiative and Kentaro Kawane of GMO Cybersecurity for reporting CVE-2025-20281. Kawane, who previously reported CVE-2025-20286 (CVSS score: 9.9), has also been acknowledged for reporting CVE-2025-20282.

While there is no evidence that the vulnerabilities have been exploited in the wild, it's essential that users move quickly to apply the fixes to safeguard against potential threats.
