Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks.
While the vendor did not specify how the flaws are being exploited or whether the attempts were successful, it is now critical to apply the security updates as soon as possible.
“In July 2025, Cisco PSIRT became aware of attempted exploitation of some of these vulnerabilities in the wild,” reads the updated advisory.
“Cisco strongly recommends that customers upgrade to a fixed software release to remediate these vulnerabilities.”
Cisco Identity Services Engine (ISE) is a platform that enables large organizations to control network access and enforce security policies.
The maximum-severity flaws were first disclosed by the vendor on June 25, 2025 (CVE-2025-20281 and CVE-2025-20282) and on July 16, 2025 (CVE-2025-20337).
Here is a brief description of the flaws:
- CVE-2025-20281: Critical unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). An attacker can send crafted API requests that execute arbitrary commands as root on the underlying OS, without authentication. Fixed in ISE 3.3 Patch 7 and 3.4 Patch 2.
- CVE-2025-20282: Critical arbitrary file upload and execution vulnerability in Cisco ISE and ISE-PIC release 3.4. Missing file validation allows attackers to upload malicious files into privileged directories and execute them as root. Fixed in ISE 3.4 Patch 2.
- CVE-2025-20337: Critical unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC. Insufficient input validation allows attackers to obtain root access through specially crafted API requests, without credentials. Fixed in ISE 3.3 Patch 7 and 3.4 Patch 2.
All three are rated maximum severity (CVSS score: 10.0) and can be exploited remotely without authentication, making them valuable targets for attackers seeking an initial foothold on a corporate network.
Because the flaws were discovered at different times, Cisco initially released two separate hot patches for the three of them. To remediate all of them at once, the following action is recommended:
- ISE 3.3 users have to upgrade to Patch 7
- ISE 3.4 users have to upgrade to Patch 2
ISE 3.2 and earlier releases are not affected and require no action.
There are no workarounds for the three vulnerabilities, so applying the updates is the only recommended course of action.
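For an administrator running many ISE nodes, the practical question is which nodes still sit below the fixed patch level. The following triage helper is an added example written for this article, not Cisco's code or tooling: it maps an installed release and patch level to the remediation the advisory prescribes (3.3 needs Patch 7, 3.4 needs Patch 2, 3.2 and earlier are unaffected). The version-string format, the hostnames, and the inventory mapping are constructed assumptions; releases the advisory does not mention are reported as "unknown" rather than assumed safe.

```python
"""Triage an ISE inventory against the fixed patch levels in the advisory.

Added example, not Cisco's code. Version strings such as '3.3.0 Patch 5',
'3.4 P2' or '3.2.0' are an assumed input format; adapt parse_version()
to whatever your inventory source produces.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Fixed patch levels and affected CVEs as stated in the advisory summary.
FIXED_PATCH: Dict[Tuple[int, int], int] = {(3, 3): 7, (3, 4): 2}
CVES: Dict[Tuple[int, int], List[str]] = {
    (3, 3): ["CVE-2025-20281", "CVE-2025-20337"],
    (3, 4): ["CVE-2025-20281", "CVE-2025-20282", "CVE-2025-20337"],
}


@dataclass
class Triage:
    release: str
    status: str                      # affected | fixed | not_affected | unknown
    required_patch: Optional[int]    # patch level that remediates, if any
    cves: List[str] = field(default_factory=list)


# Accepts 'MAJOR.MINOR[.x...] [Patch N | P N]' (assumed format).
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.\d+)*(?:\s*(?:patch|p)\s*(\d+))?\s*$", re.I
)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch). A missing patch level is treated as 0,
    which is the conservative choice: an unpatched node is flagged as affected."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(text: str) -> Triage:
    """Classify one node's release string against the advisory."""
    major, minor, patch = parse_version(text)
    key = (major, minor)
    if key in FIXED_PATCH:
        need = FIXED_PATCH[key]
        if patch >= need:
            return Triage(text, "fixed", need)
        return Triage(text, "affected", need, list(CVES[key]))
    if key <= (3, 2):
        # Advisory: 3.2 and earlier are not affected.
        return Triage(text, "not_affected", None)
    # A release the advisory does not cover: do not assume it is safe.
    return Triage(text, "unknown", None)


def triage_inventory(inventory: Dict[str, str]) -> Dict[str, Triage]:
    """Run triage over a hostname -> version mapping."""
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "ise-pan-01": "3.3.0 Patch 5",
        "ise-psn-02": "3.4.0 Patch 2",
        "ise-legacy": "3.2.0 Patch 7",
        "ise-lab": "3.5.0",
    }
    for host, t in triage_inventory(sample).items():
        print(f"{host:12} {t.release:16} {t.status:13} "
              f"needs patch {t.required_patch} {t.cves}")
```

Nodes reported as "affected" should be scheduled for the listed patch; "unknown" entries need a manual check against the current Cisco advisory, since this helper only encodes what the article states.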