Cisco has revealed a bulletin to warn about two essential, unauthenticated distant code execution (RCE) vulnerabilities affecting Cisco Identification Providers Engine (ISE) and the Passive Identification Connector (ISE-PIC).
The issues, tracked underneath CVE-2025-20281 and CVE-2025-20282, are rated with max severity (CVSS rating: 10.0). The primary impacts ISE and ISE-PIC variations 3.4 and three.3, whereas the second impacts solely model 3.4.
The foundation reason behind CVE-2025-20281 is an inadequate validation of user-supplied enter in a selected uncovered API. This permits an unauthenticated, distant attacker to ship a specifically crafted API request to execute arbitrary working system instructions as the foundation person.
The second problem, CVE-2025-20282, is brought on by poor file validation in an inner API, permitting information to be written to privileged directories. The flaw permits unauthenticated, distant attackers to add arbitrary information to the goal system and execute them with root privileges.
Cisco Identification Providers Engine (ISE) is a community safety coverage administration and entry management platform utilized by organizations to handle their community connections, serving as a community entry management (NAC), id administration, and coverage enforcement instrument.
The product is often utilized by giant enterprises, authorities organizations, universities, and repair suppliers, sitting on the core of the enterprise community.
The 2 flaws impacting it may allow full compromise and full distant takeover of the goal machine with none authentication or person interplay.
Cisco famous within the bulletin that it’s not conscious of any instances of lively exploitation for the 2 flaws, however putting in the brand new updates must be prioritized.
Customers are advisable to improve to three.3 Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4) and three.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1) or later. No workarounds have been offered to mitigate the failings, so making use of the safety updates is the advisable answer.
Cisco additionally revealed a separate bulletin relating to a medium-severity authentication bypass flaw, tracked as CVE-2025-20264, which additionally impacts ISE.
The flaw is brought on by the insufficient enforcement of authorization for customers created by way of SAML SSO integration with an exterior id supplier. An attacker with legitimate SSO-authenticated credentials can ship a selected sequence of instructions to switch system settings or carry out a system restart.
CVE-2025-20264 impacts all variations of ISE as much as the three.4 department. Fixes have been made obtainable in 3.4 Patch 2 and three.3 Patch 5. The seller promised to repair the flaw for 3.2 with the discharge of three.2 Patch 8, deliberate for November 2025.
ISE 3.1 and earlier are additionally impacted however are not supported, and customers are advisable emigrate to a more moderen launch department.
Patching used to imply advanced scripts, lengthy hours, and countless hearth drills. Not anymore.
On this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch sooner, scale back overhead, and concentrate on strategic work — no advanced scripts required.
