Cisco Identity Services Engine (ISE) is a network security policy management and access control platform used by organizations to manage their network connections, serving as a network access control (NAC), identity management, and policy enforcement tool. Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC). This allows an unauthenticated, remote attacker to send a specially crafted API request to execute arbitrary operating system commands as the root user. The flaw allows unauthenticated, remote attackers to upload arbitrary files to the target system and execute them with root privileges. Cisco also published a separate bulletin regarding a medium-severity authentication bypass flaw, tracked as CVE-2025-20264, which also impacts ISE. The flaw is caused by the inadequate enforcement of authorization for users created via SAML SSO integration with an external identity provider. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. The two flaws impacting it could enable complete compromise and full remote takeover of the target device without any authentication or user interaction. Cisco noted in the bulletin that it is not aware of any cases of active exploitation for the two flaws, but installing the new updates should be prioritized. An attacker with valid SSO-authenticated credentials can send a specific sequence of commands to modify system settings or perform a system restart.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 26 Jun 2025 15:25:17 +0000