Cisco has recently addressed two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) platforms, tracked as CVE-2025-20281 and CVE-2025-20282. Both vulnerabilities allow unauthenticated, remote attackers to execute arbitrary code with root privileges, posing a severe risk to affected systems.
Details of the Vulnerabilities
CVE-2025-20281
• Affected Versions: Cisco ISE and ISE-PIC versions 3.3 and above.
• Description: This vulnerability is due to insufficient validation of user-supplied input in a specific API. An attacker can submit a crafted API request to execute arbitrary code with root privileges on the affected device.
• CVSS Score: 9.8 or 10 (depending on the source).
• Impact: Full system compromise, as the attacker gains root-level control without authentication.
CVE-2025-20282
• Affected Versions: Cisco ISE and ISE-PIC version 3.4 only.
• Description: This vulnerability results from a lack of file validation checks, allowing attackers to upload and execute malicious files in privileged directories on the system.
• CVSS Score: 10.
• Impact: Attackers can store and execute malicious files, leading to arbitrary code execution and root privileges on the system.
| Release | First Fixed Release for CVE-2025-20281 | First Fixed Release for CVE-2025-20282 |
|---|---|---|
| 3.2 and earlier | Not vulnerable | Not vulnerable |
| 3.3 | 3.3 Patch 6 | Not vulnerable |
| 3.4 | 3.4 Patch 2 | 3.4 Patch 2 |
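To turn the fixed-release table above into an inventory check, the following Python is an added example (not Cisco's code or part of the advisory). It assumes version strings of the form "3.3 Patch 5" or "3.4.0.608 Patch 2"; the hostnames and versions in the sample inventory are constructed.

```python
import re

# First fixed patch level per release train, as given in the advisory table.
# None means the train is not vulnerable to that CVE.
FIRST_FIXED = {
    "CVE-2025-20281": {"3.3": 6, "3.4": 2},
    "CVE-2025-20282": {"3.3": None, "3.4": 2},
}
# Trains at or below this are listed as "Not vulnerable" for both CVEs.
LAST_UNAFFECTED_TRAIN = (3, 2)

# Assumed format: "<major>.<minor>[.<build>...] [Patch <n>]" (case-insensitive).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.\d+)*\s*(?:Patch\s*(\d+))?\s*$", re.IGNORECASE)

def parse_version(text):
    """Return ((major, minor), patch); patch is 0 when no 'Patch n' suffix is present."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    return (int(m.group(1)), int(m.group(2))), int(m.group(3) or 0)

def assess(version_text):
    """Classify one ISE/ISE-PIC version per CVE: 'vulnerable', 'fixed',
    'not vulnerable', or 'unknown' for trains the table does not list."""
    train, patch = parse_version(version_text)
    key = f"{train[0]}.{train[1]}"
    result = {}
    for cve, table in FIRST_FIXED.items():
        if train <= LAST_UNAFFECTED_TRAIN or table.get(key, 0) is None:
            result[cve] = "not vulnerable"
        elif key not in table:
            result[cve] = "unknown"      # e.g. a newer train: consult the vendor advisory
        elif patch >= table[key]:
            result[cve] = "fixed"
        else:
            result[cve] = "vulnerable"
    return result

def triage(inventory):
    """inventory: {hostname: version_text}. Returns hosts that still need action."""
    needs_action = {}
    for host, version in inventory.items():
        open_cves = sorted(c for c, s in assess(version).items() if s in ("vulnerable", "unknown"))
        if open_cves:
            needs_action[host] = open_cves
    return needs_action

# Constructed sample inventory for demonstration only.
INVENTORY = {"ise-lab-01": "3.3 Patch 5", "ise-lab-02": "3.4.0.608 Patch 2", "ise-pic-01": "3.2 Patch 7"}
print(triage(INVENTORY))
```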
Additional Notes
Cisco has stated that there are no workarounds for these vulnerabilities. The only mitigation is to update to the latest patched versions. As of now, Cisco’s Product Security Incident Response Team (PSIRT) is not aware of any in-the-wild exploitation of these vulnerabilities.
Organizations should immediately update their Cisco ISE and ISE-PIC installations to the latest available patches to protect against potential attacks.
