Back to Insights

Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the <em>root </em>user.<br><br>
For more information about these vulnerabilities, see the <a href=”https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6?vs_f=Cisco Security Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities%26vs_k=1#details”>Details</a> section of this advisory.<br><br>
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.<br><br>
<strong>Note:</strong> Since the publication of version 1.0 of this advisory, improved fixed releases have become available. Cisco recommends upgrading to an enhanced fixed release as follows:<br><br>
<ul>
<li>If Cisco ISE is running <strong>Release </strong><strong>3.4 Patch 2</strong>, no further action is necessary.</li>
<li>If Cisco ISE is running <strong>Release 3.3 Patch 6</strong>, additional fixes are available in <strong>Release 3.3 Patch 7</strong>, and the device must be upgraded.</li>
<li>If Cisco ISE has either hot patch<strong> ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz</strong> or hot patch <strong>ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz </strong>installed, Cisco recommends upgrading to <strong>Release 3.3 Patch 7 </strong>or <strong>Release </strong><strong>3.4 Patch 2</strong>.<strong> </strong>The hot patches did not address CVE-2025-20337 and have been deferred from CCO.</li>
</ul>
This advisory is available at the following link:<br><a href=”https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6″>https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6</a><br><br>

<br/>Security Impact Rating: Critical

<br/>CVE: CVE-2025-20281,CVE-2025-20282,CVE-2025-20337

Share This :

Looking for support?

If your IT provider needs a meeting to fix a simple issue, imagine what they’re costing you when it really matters.

Get Started

Home

Industries

Services

Contact

Instagram Linkedin-in Telegram

© 2025 AGR Networks • UEN: 53501023X • All Rights Reserved