Cisco ISE flaw gave root access before fix landed
Briefly

Cisco's Identity Services Engine (ISE) software has a serious vulnerability that has been exploited since early July 2025, as reported by the Shadowserver Foundation. The flaw, CVE-2025-20281, allows unauthenticated attackers to execute commands with root privileges. Cisco initially reported the vulnerability on June 25, 2025, alongside two other critical flaws. Although CSIRT became aware of exploitation attempts on July 21, details about the attackers and the extent of data compromise remain undisclosed. The vulnerabilities pose significant risks to network security.
Threat actors have actively exploited a newly patched vulnerability in Cisco's Identity Services Engine (ISE) software since early July, weeks before the networking giant got around to issuing a fix.
The bug in question, rated 10 out of 10 on the CVSS scale, is a remote code execution flaw that lurks in the web-based management interface of Identity Services Engine (ISE), Cisco's network access control system.
If successfully exploited, it allows unauthenticated attackers to execute arbitrary commands with root privileges on vulnerable devices.
Cisco's advisory has been tweaked to confirm that "some of the bugs" are being actively exploited, though this revelation comes almost a full three weeks after Shadowserver first clocked signs of cybercriminals messing with CVE-2025-2033 in the wild.
Read at Theregister