InfoSecBulletin Cybersecurity for mankind
Cisco has issued updates to fix two critical security vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow unauthorized users to run commands as the root user. The vulnerabilities CVE-2025-20281 and CVE-2025-20282 both have a CVSS score of 10.0.
CVE-2025-20281: An unauthenticated remote code execution flaw in Cisco ISE and ISE-PIC versions 3.3 and later that allows an attacker to run arbitrary code remotely as root
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow to Gain Root Access
CISA Warns of FortiOS Hard-Coded Credentials Vulns
5 vendors’ printer totaling 748 models affected: Rapid7
Citrix Released Emergency Patches for Actively Exploited CVE-2025-6543
SonicWall warns of a trojanized NetExtender stealing VPN logins
CVE-2025-36537
TeamViewer patched vuln allowing hacker SYSTEM Rights
Hacker Target 70+ Microsoft Exchange Servers to Steal Credentials with Keyloggers
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
CVE-2025-20282: A vulnerability in Cisco ISE and ISE-PIC version 3.4 that allows an attacker to upload and run files remotely as root.
Cisco reported that CVE-2025-20281 arises from inadequate validation of user inputs, allowing an attacker to exploit this by sending a specialized API request to gain elevated privileges and execute commands.
CVE-2025-20282 results from missing file validation checks, allowing uploaded files to go into privileged directories.
“A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system,” Cisco said.
Cisco said the shortcomings have been addressed in the below versions:
CVE-2025-20281 – Cisco ISE or ISE-PIC 3.3 Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz), 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz)
CVE-2025-20282 – Cisco ISE or ISE-PIC 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz)
Cisco thanked Bobby Gould of Trend Micro Zero Day Initiative and Kentaro Kawane of GMO Cybersecurity for reporting CVE-2025-20281. Kawane, who reported CVE-2025-20286 (CVSS score: 9.9), was also recognized for reporting CVE-2025-20282.
No evidence suggests the vulnerabilities are being exploited, but users should quickly apply fixes to protect against possible threats.
