Another critical vulnerability in Cisco's ISE
There is another vulnerability in Cisco's ISE with a maximum threat rating. Cisco also warns of further vulnerabilities in more products.
Cisco has published four new security advisories and updated an older one. One of the vulnerabilities addressed is rated critical, the highest rating; another is rated high.
In Cisco's Identity Services Engine (ISE), attackers on the network can inject operating-system commands without prior authentication; the commands then run with root privileges. The security advisory was originally issued at the end of June. Cisco has now updated it and added a new entry, CVE-2025-20337 / EUVD-2025-21708, alongside the previously known CVE-2025-20281 and CVE-2025-20282. “Attackers do not need any valid access credentials to exploit the vulnerability. [..] They can exploit it by sending a manipulated API request. If successful, attackers gain root privileges on affected devices,” Cisco explains. Cisco ISE and ISE-PIC 3.3 and 3.4 are affected; 3.3 Patch 7 and 3.4 Patch 2 close the newly added vulnerability.
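A quick way to triage an ISE or ISE-PIC deployment against the patch levels named above is to compare release train and installed patch number. The following is an added example, not code from heise or Cisco: it encodes only the fixed releases the article states (3.3 Patch 7, 3.4 Patch 2) and assumes a `show version`-style layout for its constructed sample input; the layout, the sample build numbers and the function names are assumptions.

```python
"""Triage a Cisco ISE / ISE-PIC install against the fixed patch levels
named in the updated advisory (3.3 Patch 7 and 3.4 Patch 2 for
CVE-2025-20337). Added example; the 'show version' layout used for the
constructed sample below is an assumption, not a documented format."""

import re

# Fixed patch level per affected release train, as stated in the article.
# Trains not listed here are not named as affected by the article.
FIXED_PATCH = {
    "3.3": 7,
    "3.4": 2,
}


def ise_status(release: str, patch: int) -> str:
    """Classify an install by release train and installed patch number.

    release: full version such as "3.3.0.430" or just the train "3.3"
    patch:   highest installed patch number, 0 when none is installed
    Returns "patched", "vulnerable" or "not-listed".
    """
    m = re.match(r"^(\d+)\.(\d+)", release)
    if not m:
        raise ValueError(f"unrecognised release string: {release!r}")
    train = f"{m.group(1)}.{m.group(2)}"
    if train not in FIXED_PATCH:
        return "not-listed"  # not one of the trains the advisory names
    if patch >= FIXED_PATCH[train]:
        return "patched"
    return "vulnerable"


# Constructed sample of a CLI 'show version' dump (assumed layout, assumed
# build number): a 3.3 node with Patch 6, i.e. one patch short of the fix.
SAMPLE_SHOW_VERSION = """\
Cisco Identity Services Engine
---------------------------------------------
Version      : 3.3.0.430
Build Date   : Thu Jan 11 2024

Cisco Identity Services Engine Patch
---------------------------------------------
Version      : 6
"""


def parse_show_version(text: str) -> tuple[str, int]:
    """Pull (release, patch) out of the assumed 'show version' layout.

    The base release is the first 'Version :' line; patch numbers are the
    'Version :' lines that follow a '... Engine Patch' header. If several
    patch blocks are present the highest number wins; none means patch 0.
    """
    release = None
    patch = 0
    in_patch_block = False
    for line in text.splitlines():
        if line.strip().endswith("Engine Patch"):
            in_patch_block = True
            continue
        m = re.match(r"\s*Version\s*:\s*(\S+)", line)
        if not m:
            continue
        if in_patch_block:
            patch = max(patch, int(m.group(1)))
        elif release is None:
            release = m.group(1)
    if release is None:
        raise ValueError("no base version found in input")
    return release, patch


if __name__ == "__main__":
    rel, pat = parse_show_version(SAMPLE_SHOW_VERSION)
    print(f"ISE {rel} Patch {pat}: {ise_status(rel, pat)}")
```

Feed the function the output of `show version` from each PAN, PSN and MnT node; a mixed deployment is only as safe as its least-patched node.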
In Cisco's Unified Intelligence Center, attackers with valid access can upload arbitrary files to vulnerable systems because of a vulnerability in the web-based management interface. “A successful exploit allows attackers to drop malicious files on the system and execute arbitrary commands in the operating system,” Cisco explains in its security advisory. To exploit the vulnerability, malicious actors need at least “Report Designer” access (CVE-2025-20274 / EUVD-2025-21714, CVSS 6.3, but rated “high” by Cisco). Cisco justifies the higher rating by pointing out that attackers can escalate their privileges to root.
Further security vulnerabilities in Cisco products
Cisco has reported further vulnerabilities, which the manufacturer is fixing with updates.
- Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities, CVE-2025-20283, CVE-2025-20284, CVE-2025-20285 / EUVD-2025-21712, EUVD-2025-21711, EUVD-2025-21709, CVSS 6.5, risk “medium”
- Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability, CVE-2025-20288 / EUVD-2025-21710, CVSS 5.8, risk “medium”
- Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability, CVE-2025-20272 / EUVD-2025-21713, CVSS 4.3, risk “medium”
IT managers should apply the updates for the devices they use as soon as possible.
(dmk)