Hackers Start Exploiting Critical Cisco ISE Vulnerabilities

Cisco says it is aware of attempted exploitation of critical ISE vulnerabilities leading to unauthenticated remote code execution. The post Hackers Start Exploiting Critical Cisco ISE Vulnerabilities appeared first on SecurityWeek.

Hackers are targeting critical vulnerabilities in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), less than a month after patches were rolled out.

On June 25, Cisco warned that two flaws in ISE and ISE-PIC could allow remote, unauthenticated attackers to execute arbitrary code on the underlying operating system, with root privileges.

Last week, Cisco updated its advisory to warn that, in addition to the initially discovered issues, tracked as CVE-2025-20281 and CVE-2025-20282 (CVSS score of 10/10), a third bug, tracked as CVE-2025-20337 and equally severe, was identified in the vulnerable products.

CVE-2025-20281 and CVE-2025-20337 affect a specific API and exist because user-supplied input is insufficiently validated. CVE-2025-20282 impacts another API and exists because insufficient validation checks allow for uploaded files to be placed in privileged directories.

Attackers could exploit these issues by submitting crafted API requests and by uploading crafted files, allowing them to execute arbitrary commands and code, with root privileges.

On Tuesday, Cisco updated its advisory again, to warn that threat actors have started targeting these vulnerabilities in the wild.

“In July 2025, the Cisco PSIRT became aware of attempted exploitation of some of these vulnerabilities in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate these vulnerabilities,” the company notes.

The three flaws affect Cisco ISE and ISE-PIC versions 3.3 and 3.4, and were addressed in ISE and ISE-PIC versions 3.3 Patch 7 and 3.4 Patch 2. Versions 3.2 and earlier of the appliances are not affected.

Cisco recommends that customers who previously installed ISE version 3.3 Patch 6 and the previously released hot patches update to fully patched releases, as they contain fixes for CVE-2025-20337 as well.
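The patch levels above can be turned into a quick inventory triage. The following is an added example, not code from Cisco or from the article; the CSV layout, host names and status labels are constructed for illustration, and only the version and patch thresholds come from the text.

```python
import csv
import io

# First fixed patch per affected release, as stated in the article.
FIXED_PATCH = {(3, 3): 7, (3, 4): 2}

# Constructed sample inventory (hosts, versions and columns are made up).
SAMPLE_INVENTORY = """host,version,patch,hot_patch
ise-pan-01,3.3.0,6,yes
ise-psn-02,3.3.0,7,no
ise-psn-03,3.4.0,1,no
ise-pic-04,3.4.0,2,no
ise-old-05,3.2.0,3,no
ise-lab-06,4.0.0,0,no
ise-bad-07,unknown,,no
"""

def classify(version, patch):
    """Classify one node against the patch levels named in the article."""
    parts = version.strip().split(".")
    try:
        release = (int(parts[0]), int(parts[1]))
    except (IndexError, ValueError):
        raise ValueError(f"unparseable version: {version!r}")
    if release <= (3, 2):
        return "not_affected"      # 3.2 and earlier
    if release not in FIXED_PATCH:
        return "unlisted"          # release the article says nothing about
    # Hot patches are deliberately ignored: 3.3 Patch 6 plus hot patches
    # still lacks the CVE-2025-20337 fix, so only the patch number counts.
    return "fixed" if patch >= FIXED_PATCH[release] else "vulnerable"

def triage(inventory_csv):
    """Map each host in a CSV inventory to a status string."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            status = classify(row["version"], int(row["patch"] or 0))
        except ValueError:
            status = "needs_review"  # bad version or patch field
        results[row["host"]] = status
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Nodes reported as `unlisted` or `needs_review` should be checked against Cisco's advisory directly, since the article only covers releases 3.4 and earlier.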

All three security defects were reported through the Trend Micro Zero Day Initiative, Cisco says. The company has refrained from sharing details on the observed exploitation attempts.
