
Alert: Another critical Cisco vulnerability discovered, allowing unauthorized root access

Cisco ISE has now collected three CVSS 10.0 ratings in a single month, that is, ISE, ISE, baby!

In a recent security advisory, tech giant Cisco has announced the release of patches for two critical vulnerabilities (CVE-2025-20281 and CVE-2025-20337) in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Both vulnerabilities have been rated a maximum 10 out of 10 on the Common Vulnerability Scoring System (CVSS), highlighting their severity.

CVE-2025-20337 allows an unauthenticated, remote attacker to run arbitrary code on the operating system with root-level privileges by submitting crafted API requests. This vulnerability affects ISE and ISE-PIC releases 3.3 and 3.4, regardless of device configuration.

CVE-2025-20281, first disclosed in June, is the same kind of flaw: an unauthenticated, remote attacker can obtain remote code execution as root. Cisco's advisory rates it 10.0 alongside CVE-2025-20337; the 9.8 figure that appears in some third-party scorings reflects a different scope assessment, not a different impact. Both vulnerabilities stem from insufficient validation of user-supplied input in an API exposed by the appliance.

CVE-2025-20282, also disclosed in June and affecting release 3.4, differs in its root cause rather than its outcome. It is an arbitrary file upload in an internal API: the code lacks the file validation checks that would keep an uploaded file out of privileged directories, so an unauthenticated, remote attacker can upload a file and then have it executed on the underlying operating system as root.
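The root cause Cisco describes for CVE-2025-20282, an upload path that does not check where the file lands, is a generic bug class worth seeing in code. The following is an added illustration in Python, not Cisco code and not derived from ISE internals: the unsafe join that lets the client pick the directory, next to a hardened handler that rejects anything but a plain file name, confirms the resolved destination is still directly under the upload root, and writes with O_EXCL and mode 0600 so an upload never becomes executable just by being uploaded. The directory and file names are constructed for the demo.

```python
from __future__ import annotations

import os
import tempfile
from pathlib import Path


def unsafe_dest(filename: str, root: str | Path) -> Path:
    """Vulnerable pattern: the client-supplied name is joined to the upload
    root with no validation.  pathlib discards `root` entirely when
    `filename` is absolute, and '..' components walk out of it, so the
    caller chooses the directory (a cron or init directory, for instance)."""
    return Path(root) / filename


def safe_dest(filename: str, root: str | Path) -> Path:
    """Hardened: reject (rather than sanitize) anything that is not a plain
    file name, then confirm the resolved path is still directly under root.
    Rejecting is preferable because a traversal attempt is itself a signal."""
    if not filename or "/" in filename or "\\" in filename or "\x00" in filename:
        raise ValueError(f"rejected filename {filename!r}: not a plain file name")
    if filename in (".", "..") or filename.startswith("."):
        raise ValueError(f"rejected filename {filename!r}: dotfiles not allowed")
    root_resolved = Path(root).resolve()
    dest = (root_resolved / filename).resolve()
    if dest.parent != root_resolved:          # catches a symlink planted inside root
        raise ValueError(f"{dest} escapes upload root {root_resolved}")
    return dest


def is_accepted(filename: str, root: str | Path) -> bool:
    """True if safe_dest() would accept the name; convenient for policy tests."""
    try:
        safe_dest(filename, root)
        return True
    except ValueError:
        return False


def store_upload(filename: str, data: bytes, root: str | Path) -> Path:
    """Write the validated file without clobbering an existing one (O_EXCL)
    and without execute permission (0600)."""
    dest = safe_dest(filename, root)
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return dest


if __name__ == "__main__":
    root = Path(tempfile.mkdtemp())          # constructed demo directory
    # Where the vulnerable join would have written (nothing is written here):
    print("unsafe:", unsafe_dest("/etc/cron.d/backdoor", root))
    print("unsafe:", unsafe_dest("../../etc/cron.d/backdoor", root))
    for name in ["report.txt", "../../etc/cron.d/backdoor", "/etc/cron.d/backdoor", ".bashrc"]:
        try:
            print("stored:", store_upload(name, b"constructed payload", root))
        except ValueError as exc:
            print("blocked:", exc)
```

Note that `unsafe_dest("/etc/cron.d/backdoor", root)` yields `/etc/cron.d/backdoor` with the root silently dropped; that single `pathlib` behaviour, combined with a service running as root, is the whole shape of an upload-to-RCE chain.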

Cisco strongly advises customers to upgrade to the fixed software releases listed in the advisory; there are no workarounds that address these vulnerabilities. The updated security advisory covering CVE-2025-20281 and CVE-2025-20337 was published on July 16.
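Because the only remediation is a patch level, the practical first step is an inventory check. The script below is an added example, not a Cisco tool: it parses ISE version strings of the form shown in the GUI and CLI (for example "3.3.0.430 Patch 6"; that format is assumed) and compares each against a per-train minimum patch level. The levels in FIXED_PATCH are my reading of the updated July advisory for CVE-2025-20281 and CVE-2025-20337 (3.3 Patch 7, 3.4 Patch 2) and must be confirmed against the advisory before you rely on them; the host inventory is constructed.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Lowest patch per affected train that carries the fix for
# CVE-2025-20281 / CVE-2025-20337, as I read the updated July advisory.
# ASSUMPTION: verify against the current Cisco advisory before use.
FIXED_PATCH: Dict[str, int] = {"3.3": 7, "3.4": 2}

# Accepts "3.3.0.430 Patch 6", "3.4.0.608", "3.4 Patch 2" (format assumed
# from typical ISE output; adjust if your export differs).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.\d+)*\s*(?:[Pp]atch\s*(\d+))?\s*$")


def parse_version(text: str) -> Tuple[str, int]:
    """Return (train, patch), e.g. ("3.3", 6). No patch suffix means patch 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    return f"{m.group(1)}.{m.group(2)}", int(m.group(3) or 0)


def assess(text: str, fixed: Dict[str, int] = FIXED_PATCH) -> str:
    """'affected', 'fixed', or 'not-listed' (train not named as affected here)."""
    train, patch = parse_version(text)
    if train not in fixed:
        return "not-listed"
    return "fixed" if patch >= fixed[train] else "affected"


def triage(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Map (hostname, version) pairs to (hostname, version, status)."""
    return [(host, ver, assess(ver)) for host, ver in inventory]


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [
        ("ise-pan-01.example.test", "3.3.0.430 Patch 6"),
        ("ise-pan-02.example.test", "3.3.0.430 Patch 7"),
        ("ise-psn-01.example.test", "3.4.0.608"),
        ("ise-psn-02.example.test", "3.4.0.608 Patch 2"),
        ("ise-old-01.example.test", "3.2.0.542 Patch 7"),
    ]
    for host, ver, status in triage(sample):
        print(f"{status:<11} {host:<28} {ver}")
```

"not-listed" is deliberately not "safe": this page names 3.3 and 3.4 for CVE-2025-20337, but other trains and CVE-2025-20282 have their own affected-release tables in the advisories, so treat that status as "check manually".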

At the time of the advisory, Cisco was not aware of any exploitation of these vulnerabilities in the wild. That is little comfort: an unauthenticated, pre-authentication root code execution bug in a network access control appliance is exactly the kind of flaw that gets weaponised quickly once the patch diff is public, so exposure windows should be measured in days, not patch cycles.

This is not the first perfect score Cisco has faced recently. Earlier this month, a CVSS 10.0 vulnerability was disclosed in its Unified Communications Manager and Session Management Edition products: hardcoded root credentials that allowed an unauthenticated, remote attacker to log in as root.

ISE is a network access control and security policy management platform, and ISE-PIC collects user identity information and shares it with other security tools. Both sit in the authentication path and hold privileged integrations with directories and other security products, so a root compromise of either reaches well beyond the appliance itself. Organizations relying on these systems for identity management should update immediately to mitigate the risks posed by these vulnerabilities.

  1. The newly disclosed vulnerability, CVE-2025-20337, lets an unauthenticated, remote attacker execute arbitrary code with root privileges on ISE and ISE-PIC releases 3.3 and 3.4, due to insufficient validation of user input.
  2. Monitoring for anomalous or unexpected API requests to ISE and ISE-PIC, including from Cisco's own security tooling, can help surface exploitation attempts, but detection is no substitute for the patch.
  3. To address the risks posed by CVE-2025-20281 and CVE-2025-20337, organizations should promptly apply the provided patches and ensure their software is running the fixed releases named in the advisory.
  4. In light of these recent vulnerabilities and the risks they pose, organizations should prioritize software updates and cybersecurity best practices, especially for mission-critical systems like ISE and ISE-PIC.
