Unveiling Cisco CVE-2025-20337 and ISE-PIC Vulnerabilities


Cisco Security Advisory: Critical Vulnerabilities Uncovered in ISE

Cisco recently released a security advisory highlighting significant vulnerabilities in its Identity Services Engine (ISE) and the ISE Passive Identity Connector (ISE-PIC). These vulnerabilities pose a serious risk, as they could enable remote, unauthenticated attackers to execute arbitrary code with root privileges on affected systems.

Severe Vulnerability Details

The most alarming of these vulnerabilities, identified as CVE-2025-20337, has received the highest possible CVSS score of 10.0. This flaw bears a striking resemblance to another serious issue, CVE-2025-20281, which was patched by Cisco just weeks prior. According to Cisco, both vulnerabilities reside in a specific API used by ISE and ISE-PIC, and both allow an unauthenticated attacker to execute arbitrary code without valid credentials.

Affected Versions

Cisco has confirmed that the vulnerabilities impact ISE and ISE-PIC versions 3.3 and 3.4. Devices operating on release 3.2 or earlier are not at risk from CVE-2025-20337 or CVE-2025-20281. Additionally, there is a related vulnerability, CVE-2025-20282, which specifically affects version 3.4.

Vulnerability Insights

CVE-2025-20337 and CVE-2025-20281 both arise from insufficient validation of user-supplied input within the impacted API. A remote attacker who submits a crafted API request can execute arbitrary code as root. This enables a range of dangerous activities, including data theft and further compromise within the network infrastructure.

Technical Breakdown

The vulnerabilities are categorized as follows:

  • CWE-269: Improper Privilege Management
  • CWE-74: Improper Neutralization of Input

These categories highlight the critical nature of these flaws, as they underline the lack of proper safeguards against unauthorized access.

CVE-2025-20282 results from inadequate file validation checks in an internal API of Cisco ISE and ISE-PIC. This allows remote attackers to upload unauthorized files into privileged directories and execute them, also with elevated privileges. It, too, has a CVSS score of 10.0, indicating a substantial risk.

In light of these discoveries, Cisco has rolled out software updates to address the highlighted vulnerabilities. Organizations running vulnerable releases are urged to upgrade as soon as possible; no workarounds are available for these issues.

Upgrade Guidelines

Here’s how users should proceed based on their current software version:

  • If running Cisco ISE 3.4 Patch 2, no further actions are required.
  • For those on Cisco ISE 3.3 Patch 6, upgrading to Patch 7 is essential.
  • Users who applied hot patches, such as ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz or ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz, should also upgrade, as these patches do not mitigate CVE-2025-20337.

Cisco emphasizes that each of these vulnerabilities can be exploited independently, meaning that not all affected releases will necessarily harbor all three CVEs.
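The upgrade guidance above can be turned into an inventory check. The following is an added example, not Cisco's code or part of the original article: `parse_show_version`, `triage`, `FIXED_PATCH` and `SAMPLE` are hypothetical names, and the `show version` text layout is an assumption. It also assumes patches are cumulative, so any patch level at or above the fixed one named above counts as fixed and any lower level on the same release needs that patch.

```python
import re

# First fixed patch level per release, taken from the upgrade guidance above.
FIXED_PATCH = {(3, 3): 7, (3, 4): 2}

# Constructed sample; the layout is an assumption about ISE `show version` output.
SAMPLE = """\
Cisco Identity Services Engine
---------------------------------------------
Version      : 3.3.0.430
Build Date   : (constructed)

Cisco Identity Services Engine Patch
---------------------------------------------
Version      : 6
Install Date : (constructed)
"""

def parse_show_version(text):
    """Return ((major, minor), patch); patch is 0 when no patch line is present."""
    release, patch = None, 0
    pattern = r"^[ \t]*Version[ \t]*:[ \t]*(\S+)[ \t]*$"
    for value in re.findall(pattern, text, re.MULTILINE):
        if "." in value and release is None:
            # Dotted value is the application version, e.g. 3.3.0.430.
            major, minor = value.split(".")[:2]
            release = (int(major), int(minor))
        elif value.isdigit():
            # Bare integer is an installed patch number; keep the highest.
            patch = max(patch, int(value))
    if release is None:
        raise ValueError("no application version found")
    return release, patch

def triage(release, patch, hot_patch=False):
    """Map a release and patch level to the action the guidance calls for."""
    if release <= (3, 2):
        return "not affected"
    if release not in FIXED_PATCH:
        return "not covered by this guidance: check the Cisco advisory"
    fixed = FIXED_PATCH[release]
    if patch >= fixed:
        return "fixed"
    # A hot patch never changes the verdict: it does not cover CVE-2025-20337.
    note = " (hot patch does not mitigate CVE-2025-20337)" if hot_patch else ""
    return f"upgrade to {release[0]}.{release[1]} Patch {fixed}{note}"

if __name__ == "__main__":
    print(triage(*parse_show_version(SAMPLE)))
```

The `hot_patch` flag is supplied by the operator from change records; the example does not try to detect hot patches from the device output.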

By taking prompt action and keeping systems updated, organizations can significantly reduce their risk of compromise.
