
Cisco has published a bulletin warning of two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC).
The flaws, tracked as CVE-2025-20281 and CVE-2025-20282, are rated at maximum severity (CVSS score: 10.0). The first affects ISE and ISE-PIC releases 3.4 and 3.3, while the second affects only release 3.4.
The root cause of CVE-2025-20281 is insufficient validation of user-supplied input in a specific exposed API. This allows an unauthenticated, remote attacker to send a specially crafted API request and execute arbitrary operating system commands as root.
The second issue, CVE-2025-20282, stems from inadequate file validation checks in an internal API that allow files to be written to privileged directories. The flaw lets an unauthenticated, remote attacker upload arbitrary files to the target system and execute them with root privileges.
Cisco Identity Services Engine (ISE) is a network security policy management and access control platform that organizations use to govern which users and devices may connect to their networks; it serves as a network access control (NAC), identity management and policy enforcement tool.
The product is widely deployed by large enterprises, government organizations, universities and service providers, and sits at the core of the enterprise network.
Either flaw can lead to complete compromise and full remote takeover of the target device without any authentication or user interaction. Because ISE typically holds the credentials, certificates and policies that gate access to the rest of the network, a root-level compromise of the appliance should be treated as a compromise of the access-control layer itself, not just of one host.
Cisco noted in the bulletin that it is not aware of any active exploitation of the two flaws, but the updates should be installed as a priority.
Users are advised to upgrade to 3.3 Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4) or 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1) or later. No workarounds are available to mitigate the flaws, so applying the security updates is the recommended course of action.
Cisco also published a separate bulletin regarding a medium-severity authorization bypass flaw, tracked as CVE-2025-20264, which also affects ISE.
The flaw is caused by insufficient authorization enforcement for users created through SSO integration with an external identity provider. An attacker with valid SSO-authenticated credentials can send a specific sequence of commands to modify system settings or restart the system.
CVE-2025-20264 affects all ISE versions up to and including the 3.4 branch. Fixes are available in 3.4 Patch 2 and 3.3 Patch 5. The vendor has promised a fix for 3.2 with the release of 3.2 Patch 8, planned for November 2025.
ISE 3.1 and earlier are also affected but are no longer supported, and users are advised to migrate to a supported release branch.
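The affected and fixed patch levels from both bulletins are easy to misread when triaging a fleet, especially for the 3.2 branch, which is exposed to CVE-2025-20264 with no fix yet but is not listed for the two RCE flaws. The script below, added here as an example and not code from Cisco or from the article, encodes the version table exactly as summarised above and maps each ISE/ISE-PIC node to a per-CVE verdict. The hostnames and version strings in the inventory are constructed for the example; the parser accepts the "3.3 Patch 6" and "3.4.0.608 p1" spellings and treats a bare branch as patch 0.

```python
import re

# Branch -> first patch level containing the fix, taken from the two
# Cisco bulletins summarised in the article. "affected": None means every
# branch is affected. "pending" lists branches where only a future fix
# has been announced (no patch to install yet).
ADVISORIES = {
    "CVE-2025-20281": {"affected": {(3, 3), (3, 4)},
                       "fixed": {(3, 3): 6, (3, 4): 2}, "pending": {}},
    "CVE-2025-20282": {"affected": {(3, 4)},
                       "fixed": {(3, 4): 2}, "pending": {}},
    "CVE-2025-20264": {"affected": None,
                       "fixed": {(3, 3): 5, (3, 4): 2}, "pending": {(3, 2): 8}},
}
# Branches 3.1 and earlier are out of support per the bulletin.
LAST_EOL_BRANCH = (3, 1)

# Accepts "3.3 Patch 6", "3.4.0.608 p1", "3.2" (no patch -> 0); case-insensitive.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.\d+){0,2}(?:\s*(?:patch|p)\s*(\d+))?\s*$",
    re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch) for an ISE version string.

    Raises ValueError on anything that does not look like an ISE version,
    so a malformed inventory entry is surfaced rather than silently
    classified as 'not affected'.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def assess(version_text):
    """Map each CVE in ADVISORIES to a triage verdict for one node."""
    major, minor, patch = parse_version(version_text)
    branch = (major, minor)
    verdicts = {}
    for cve, adv in ADVISORIES.items():
        affected = adv["affected"] is None or branch in adv["affected"]
        if not affected:
            verdicts[cve] = "not affected"
        elif branch in adv["fixed"]:
            need = adv["fixed"][branch]
            if patch >= need:
                verdicts[cve] = "fixed"
            else:
                verdicts[cve] = f"vulnerable: upgrade to {major}.{minor} Patch {need}"
        elif branch in adv["pending"]:
            planned = adv["pending"][branch]
            verdicts[cve] = (f"vulnerable: no fix yet "
                             f"({major}.{minor} Patch {planned} planned)")
        elif branch <= LAST_EOL_BRANCH:
            verdicts[cve] = ("vulnerable: branch end-of-life, "
                             "migrate to a supported release")
        else:
            # Affected branch the bulletin gives no patch level for.
            verdicts[cve] = "vulnerable: check the Cisco bulletin for this branch"
    return verdicts


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "ise-pan-01": "3.4.0.608 Patch 1",
    "ise-pan-02": "3.3 Patch 6",
    "ise-psn-03": "3.2 Patch 7",
    "ise-pic-04": "3.1 Patch 9",
}


def triage(inventory):
    """Return {host: {cve: verdict}} and print a one-line summary per host."""
    report = {}
    for host, ver in inventory.items():
        report[host] = assess(ver)
        bad = [c for c, v in report[host].items() if v.startswith("vulnerable")]
        status = "OK" if not bad else "ACTION: " + ", ".join(bad)
        print(f"{host:12} {ver:20} {status}")
    return report


if __name__ == "__main__":
    triage(SAMPLE_INVENTORY)
```

Note that a node on 3.4 Patch 1 is flagged for all three CVEs, since 3.4 Patch 2 is the first level that fixes any of them, while a 3.2 node comes back clean for the two RCE flaws (per the affected-version list above) but still exposed to CVE-2025-20264 until Patch 8 ships. If Cisco later widens the affected-version list, only the ADVISORIES table needs updating.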
