
Cisco Urges Immediate Patching for Critical RCE Flaws in ISE and ISE-PIC

Cisco has issued urgent patches for two critical remote code execution (RCE) vulnerabilities, CVE-2025-20281 and CVE-2025-20282, affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). These flaws, both rated with a maximum severity score of 10.0, allow unauthenticated attackers to gain root access and execute arbitrary code on affected systems.


Unpacking the Critical Vulnerabilities

These two independent vulnerabilities pose a significant threat due to their severity and ease of exploitation. Both CVEs allow unauthenticated remote attackers to achieve root-level access, meaning they can take full control of the affected systems.

  • CVE-2025-20281: Insufficient Input Validation

  • CVE-2025-20282: Lack of File Validation Checks

Impact and Mitigation

The impact of these vulnerabilities is severe, as they allow complete compromise of the affected systems without requiring any authentication. Cisco's Identity Services Engine (ISE) is a widely used network access control solution, deployed across secure network servers, virtual machines, and cloud instances (including AWS, Microsoft Azure, and Oracle Cloud Infrastructure). ISE-PIC is crucial for passive identity data gathering in user authentication processes.

Cisco has confirmed that there are no known active exploits in the wild for these specific vulnerabilities, but given their critical nature, immediate patching is strongly advised. There are no workarounds available to mitigate these issues, making the application of patches the only effective solution.

Key Takeaways

  • Immediate Action Required: Users of Cisco ISE and ISE-PIC versions 3.3 and 3.4 must apply the latest patches without delay.

  • No Workarounds: Patching is the only way to address these critical vulnerabilities.

  • Unauthenticated Access: Both flaws allow remote, unauthenticated attackers to gain root privileges.

  • Independent Exploitation: The vulnerabilities are independent, meaning exploiting one does not require exploiting the other.

  • Cloud Deployments Affected: ISE deployments on cloud platforms like AWS, Azure, and Oracle Cloud Infrastructure are also vulnerable.

Cisco has credited Bobby Gould of Trend Micro Zero Day Initiative and Kentaro Kawane of GMO Cybersecurity for reporting these critical flaws. As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

  • Critical Cisco ISE Vulnerabilities Allow Remote Code Execution, SecurityWeek.

  • Cisco fixes two critical make-me-root bugs, The Register.

  • Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access, The Hacker News.

  • Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure, Security Affairs.

  • Cisco bugs allow creating admin accounts, executing commands as root, BleepingComputer.
