Cisco Identity Services Engine: Attack on old gaps – update now
In recent weeks, Cisco has closed critical ISE gaps – and now the company is warning of exploits. Anyone who has not yet patched should act immediately.
At the end of June, Cisco issued its first warning about the critical vulnerabilities CVE-2025-20281 and CVE-2025-20282 in the Identity Services Engine (ISE). A third, related vulnerability, CVE-2025-20337, was added in mid-July.
All three were classified with the highest possible severity level (10.0, critical). Attackers can misuse them to inject arbitrary commands or malicious code into the operating system from the network without prior authentication and then execute them in the context of the root user.
The company has now updated the security notice on the three vulnerabilities once again: The internal Product Security Incident Response Team had observed active attacks in the wild.
Apply patches – and check again
Anyone who has not yet applied the available ISE patches should do so now. Release 3.4 Patch 2 is generally not under threat; Cisco's advisory provides update recommendations for the vulnerable releases along with various hotpatch constellations.
Since the publication of the first version of the security advisory, the company has, according to its own information, published improved, secured releases. Users who have already patched should therefore also take another look at the updated information.
(ovw)
