Cisco ISE critical flaws actively exploited by hackers

Summary
– Cisco confirmed active exploitation of vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC).
– Three vulnerabilities (CVE-2025-20281, CVE-2025-20337, CVE-2025-20282) allow remote attackers to gain root privileges or execute arbitrary code via crafted API requests or file uploads.
– The vulnerabilities are independent, meaning exploiting one does not require exploiting another.
– Cisco patched the vulnerabilities in late June and early July 2025, with attacks observed in July 2025.
– Users of Cisco ISE or ISE-PIC versions 3.3 and 3.4 must upgrade to specific patches, as no workarounds exist.
Cisco has issued an urgent warning about active exploitation targeting critical vulnerabilities in its Identity Services Engine (ISE) platform. The networking giant updated its security advisory after confirming attacks leveraging these flaws in real-world scenarios.
Three distinct security gaps impact Cisco ISE, a widely used enterprise solution for managing network access policies, along with its companion Passive Identity Connector (ISE-PIC). These components help organizations enforce security controls and gather user identity data across their infrastructure.
Two of the vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20337, stem from improper input validation in API requests. Attackers can exploit these flaws remotely without authentication, potentially gaining root-level access to compromised systems. The third issue, CVE-2025-20282, involves inadequate file validation, allowing malicious actors to upload harmful files to restricted directories. Successful exploitation could lead to arbitrary code execution or complete system takeover.
Cisco clarified that these vulnerabilities operate independently: exploiting one doesn’t depend on exploiting another. While the company confirmed attacks occurring as early as July 2025, it hasn’t disclosed specifics about the threat actors or their methods.
Patches for CVE-2025-20281 and CVE-2025-20282 were released in late June, with an additional fix for CVE-2025-20337 rolled out recently. Organizations running Cisco ISE or ISE-PIC versions 3.3 and 3.4 must immediately upgrade to v3.3 Patch 7 or v3.4 Patch 2, as no temporary mitigations exist. Earlier versions (3.2 and below) remain unaffected.
(Source: HelpNet Security)





