Cisco has issued patches for two severe vulnerabilities (CVE-2025-20281 and CVE-2025-20282) in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Both vulnerabilities, rated at 10/10 severity, allow unauthenticated attackers to execute code and gain root access. The flaws stem from insufficient validation in an API and pose significant risks, especially as they can be exploited independently. Cisco is keeping detailed information under wraps to prevent potential attacks while urging administrators to promptly apply the available patches. Currently, there are no known exploits in the wild.
CVE-2025-20281 enables unauthenticated attackers to execute code as root as a result of insufficient validation in an API, allowing easy exploitation.
Cisco's vulnerabilities CVE-2025-20281 and CVE-2025-20282 are critical; they allow remote attackers to execute code and escalate privileges without authentication.
To prevent potential exploitation, Cisco is withholding specific details about the vulnerabilities while encouraging admins to apply patches promptly.
Both CVE-2025-20281 and CVE-2025-20282 highlight the risks of inadequate input validation, emphasizing the need for stringent security checks in network access controls.