Cyber security news for all


    Cisco Fixes Critical Security Vulnerabilities in ISE and ISE-PIC That Could Lead to Remote Root Compromise

    Cisco has released crucial security updates to address two newly discovered, maximum-severity vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). These flaws could enable unauthenticated, remote attackers to gain full root-level control over affected systems, posing a significant risk to organizations using these products for network access control and identity management.

    Both vulnerabilities are rated CVSS 10.0, indicating the highest level of severity due to their potential impact:

    • CVE-2025-20281: This remote code execution (RCE) vulnerability affects Cisco ISE and ISE-PIC version 3.3 and later. The flaw is the result of insufficient validation of user-supplied input in the API. An attacker could exploit this by sending a specially crafted API request, allowing them to run arbitrary commands on the underlying operating system as the root user. This could result in full system compromise.

    • CVE-2025-20282: This vulnerability impacts ISE and ISE-PIC version 3.4. It stems from a lack of proper file validation checks, which allows attackers to upload malicious files into privileged directories. These files can then be executed with root permissions, giving attackers complete control over the device.

    According to Cisco, successful exploitation of these flaws could allow attackers not only to execute arbitrary code but also to store malicious files on the system and escalate privileges to the root level. This could enable them to manipulate configurations, exfiltrate sensitive data, or pivot deeper into corporate networks.

    No workarounds are available, and organizations are urged to apply the patches provided by Cisco as soon as possible to mitigate the risks. The vulnerabilities have been addressed in the following versions:

    • For CVE-2025-20281: Cisco ISE / ISE-PIC 3.3 Patch 6 and 3.4 Patch 2

    • For CVE-2025-20282: Cisco ISE / ISE-PIC 3.4 Patch 2

    Administrators should ensure they are running these patched versions to prevent potential exploitation.
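An added example (not from the article or from Cisco) that screens an inventory of ISE / ISE-PIC version strings against the affected releases and fixed patch levels stated above, reporting both CVEs per host. The version-string format ("3.4 Patch 1", "3.3") and the sample host names are assumptions.

```python
import re

# Affected trains and fixed releases exactly as the article states them.
# Assumption: version strings look like "3.4 Patch 1" or "3.3"; no patch = Patch 0.
AFFECTED = {
    "CVE-2025-20281": lambda train: train >= (3, 3),   # "3.3 and later"
    "CVE-2025-20282": lambda train: train == (3, 4),   # 3.4 only
}
FIXED_PATCH = {
    "CVE-2025-20281": {(3, 3): 6, (3, 4): 2},  # 3.3 Patch 6, 3.4 Patch 2
    "CVE-2025-20282": {(3, 4): 2},             # 3.4 Patch 2
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return ((major, minor), patch) for strings such as '3.4 Patch 1' or '3.3'."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    return (int(m.group(1)), int(m.group(2))), int(m.group(3) or 0)


def assess(version_text):
    """Map each CVE to 'vulnerable', 'fixed', 'not affected' or 'unknown'.

    'unknown' covers a train the article calls affected but lists no fixed
    release for (e.g. a hypothetical 3.5 under CVE-2025-20281), so the caller
    checks the Cisco advisory instead of assuming the host is safe."""
    train, patch = parse_version(version_text)
    status = {}
    for cve, is_affected in AFFECTED.items():
        if not is_affected(train):
            status[cve] = "not affected"
        elif train not in FIXED_PATCH[cve]:
            status[cve] = "unknown"
        elif patch >= FIXED_PATCH[cve][train]:
            status[cve] = "fixed"
        else:
            status[cve] = "vulnerable"
    return status


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names), not real systems.
    for host, ver in [("ise-a", "3.3 Patch 5"), ("ise-b", "3.4 Patch 1"), ("ise-c", "3.4 Patch 2")]:
        print(host, ver, assess(ver))
```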

    At this stage, there is no evidence that these vulnerabilities have been exploited in the wild. However, given the critical nature of these flaws and the attractiveness of network access control systems as a target for attackers, immediate action is recommended to secure environments against possible future attacks.

    These security gaps highlight the importance of timely patch management and the risks associated with exposed management interfaces. Organizations are encouraged to review their security policies and harden their ISE deployments, including restricting management access to trusted administrative networks only.
