Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access

Jul 22, 2025Ravie LakshmananNetwork Security / Vulnerability

Cisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to acknowledge active exploitation.

“In July 2025, the Cisco PSIRT [Product Security Incident Response Team], became aware of attempted exploitation of some of these vulnerabilities in the wild,” the company said in an alert.

The network equipment vendor did not disclose which vulnerabilities have been weaponized in real-world attacks, the identity of the threat actors exploiting them, or the scale of the activity.

Cisco ISE plays a central role in network access control, managing which users and devices are allowed onto corporate networks and under what conditions. A compromise at this layer could give attackers unrestricted access to internal systems, bypassing authentication controls and logging mechanisms—turning a policy engine into an open door.

The vulnerabilities outlined in the alert are all critical-rated bugs (CVSS scores: 10.0) that could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user –

• CVE-2025-20281 and CVE-2025-20337 – Multiple vulnerabilities in a specific API that could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root
• CVE-2025-20282 – A vulnerability in an internal API that could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root

While the first two flaws are the result of insufficient validation of user-supplied input, the latter stems from a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system.

As a result, an attacker could leverage these shortcomings by submitting a crafted API request (for CVE-2025-20281 and CVE-2025-20337) or uploading a crafted file to the affected device (for CVE-2025-20282).

In light of active exploitation, it’s essential that customers upgrade to a fixed software release as soon as possible to remediate these vulnerabilities. These flaws are exploitable remotely without authentication, placing unpatched systems at high risk of pre-auth remote code execution—a top-tier concern for defenders managing critical infrastructure or compliance-driven environments.

Security teams should also review system logs for suspicious API activity or unauthorized file uploads, especially in externally exposed deployments.

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!