
This article was originally published on TechRepublic.

Severe vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated remote attacker to issue commands with root privileges, Cisco said in an advisory on July 17. 

Cisco released multiple patches for the issues, including an expanded fix for specific software versions.

The vulnerabilities were reported by Bobby Gould of Trend Micro Zero Day Initiative and Kentaro Kawane of GMO Cybersecurity by Ierae, working with Trend Micro Zero Day Initiative. 

The vulnerabilities allow for arbitrary code execution

Cisco’s patches address three vulnerabilities: CVE-2025-20281, CVE-2025-20337, and CVE-2025-20282. All are arbitrary code execution vulnerabilities, but they are not related to each other and do not need to be exploited together to be effective. 

CVE-2025-20281 and CVE-2025-20337 expose Cisco ISE and Cisco ISE-PIC to remote code execution. An attacker could submit a crafted API request that takes advantage of insufficient validation of user-supplied input, which could grant root-level privileges.

CVE-2025-20282 affects Cisco ISE and ISE-PIC Release 3.4. With it, an attacker could upload a crafted file to the device. Due to a lack of file validation, the file could be placed in privileged directories, allowing the attacker to execute arbitrary code or gain root access. 

Cisco said it is not aware of any active exploitation of these vulnerabilities. 

How to patch the vulnerabilities  

Your Cisco ISE is patched against these vulnerabilities if it is running the following versions:

  • Release 3.4 Patch 2
  • Release 3.3 Patch 6 (with Release 3.3 Patch 7)

Cisco released hot patches prior to these, but they have been superseded by the versions listed above. The company has also provided guides on how to apply updates.
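For an administrator with several ISE nodes, the practical question is which ones are still below the fixed releases listed above. The following script is an added example, not code from the article or from Cisco: it parses ISE version strings as they are commonly written ("Release 3.4 Patch 2", "3.3 Patch 7"), compares them against a threshold table, and reports each node as patched, unpatched, or unknown. The threshold table is an assumption taken from the list above (3.4 Patch 2; for the 3.3 train the parenthetical 3.3 Patch 7 is used as the threshold), and the inventory of node names and versions is constructed for illustration.

```python
import re
from dataclasses import dataclass

# Fixed-release thresholds per ISE train (major, minor) -> minimum patch level.
# Assumption: taken from the article's list; 3.3 uses the parenthetical Patch 7.
# Trains not listed here are reported as "unknown" rather than guessed.
FIXED_PATCH = {(3, 4): 2, (3, 3): 7}

# Accepts "Release 3.4 Patch 2", "3.4 Patch 2", "3.4.0 Patch 2" or a bare "3.4".
VERSION_RE = re.compile(
    r"(?i)^\s*(?:release\s+)?(\d+)\.(\d+)(?:\.\d+)?\s*(?:patch\s*(\d+))?\s*$"
)


@dataclass(frozen=True)
class IseVersion:
    major: int
    minor: int
    patch: int  # 0 when no patch level is given


def parse_version(text: str) -> IseVersion:
    """Parse an ISE version string into its train and patch level."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    major, minor, patch = m.groups()
    return IseVersion(int(major), int(minor), int(patch) if patch else 0)


def patch_status(version: IseVersion) -> str:
    """Return 'patched', 'unpatched' or 'unknown' for one node's version."""
    required = FIXED_PATCH.get((version.major, version.minor))
    if required is None:
        return "unknown"  # train not covered by the threshold table
    return "patched" if version.patch >= required else "unpatched"


# Constructed inventory: hypothetical node names and versions, not real hosts.
INVENTORY = {
    "ise-pan-01": "Release 3.4 Patch 2",
    "ise-psn-02": "3.4 Patch 1",
    "ise-pic-01": "Release 3.3 Patch 6",
    "ise-psn-03": "3.3 Patch 7",
    "ise-old-01": "3.2 Patch 4",
}


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map each node name to its patch status."""
    return {node: patch_status(parse_version(v)) for node, v in inventory.items()}


if __name__ == "__main__":
    for node, status in sorted(triage(INVENTORY).items()):
        print(f"{node}: {status}")
```

Nodes reported as "unknown" are on a train the list above does not mention and should be checked against the Cisco advisory directly rather than assumed safe; the script deliberately refuses to guess for them.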

Other news from Cisco 

In related cybersecurity news, about a month ago Talos, Cisco’s security intelligence division, discovered a threat actor group using the promise of generative AI as bait to distribute malware. The attackers used a spoofed version of a real business’ website to distribute a ransomware strain called CyberLock, which locked specific documents on the victims’ computers. The fake site promised a downloadable version of ChatGPT.  

Separately, in a broader push for cybersecurity education, Cisco in March launched a digital skills training initiative across the European Union. The free courses, offered through Cisco’s Networking Academy, aim to equip more individuals with essential skills in networking and cybersecurity.  
