Cisco Systems has issued a critical security advisory warning of multiple remote code execution vulnerabilities in its Identity Services Engine (ISE) that are being actively exploited by attackers in the wild. The company’s Product Security Incident Response Team (PSIRT) confirmed in July 2025 that some of these vulnerabilities are being exploited in active attacks, prompting urgent calls for organizations to apply patches immediately. All three vulnerabilities are classified under Common Weakness Enumeration categories CWE-269 (Improper Privilege Management) and CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component), highlighting fundamental security design issues. The vulnerabilities, carrying the maximum CVSS severity score of 10.0, allow unauthenticated remote attackers to execute arbitrary commands with root privileges on affected systems. Organizations should verify their ISE versions immediately and plan emergency maintenance windows to apply the necessary patches, given the critical nature of these vulnerabilities and confirmed exploitation activity. The networking giant disclosed three separate vulnerabilities tracked as CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337, all of which affect Cisco ISE and ISE Passive Identity Connector (ISE-PIC) deployments. Security researchers Bobby Gould of Trend Micro Zero Day Initiative and Kentaro Kawane of GMO Cybersecurity by Ierae were credited with discovering and reporting these vulnerabilities through responsible disclosure processes. Cisco ISE serves as a critical network access control and policy enforcement platform used by organizations worldwide to manage device authentication and authorization.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 22 Jul 2025 12:00:15 +0000