By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
CVSS Score: 10.0 (Critical)
Identifier: CVE-2025-20281
Exploit or POC: No known public exploit yet
Update: CVE-2025-20281 – Cisco Security Advisory
Description: CVE-2025-20281 is a critical vulnerability in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), affecting versions 3.3 and later. It results from insufficient validation of user-supplied input in a publicly exposed API, enabling an unauthenticated remote attacker to execute arbitrary code as the root user via a crafted API request. This flaw poses a severe security risk, permitting full system control without authentication.
Mitigation Recommendation:
- ISE/ISE-PIC 3.3: install Patch 6
- ISE/ISE-PIC 3.4: install Patch 2
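To apply these patch levels across a fleet, the sketch below triages a node inventory against the releases and fixed patches this bulletin lists for CVE-2025-20281 and CVE-2025-20282. It is an added example, not RedLegg or Cisco code; the CSV layout, hostnames, version strings and status wording are assumptions made for illustration.

```python
import csv
import io

# First fixed patch per release, as listed in this bulletin.
FIXED = {
    "CVE-2025-20281": {(3, 3): 6, (3, 4): 2},
    "CVE-2025-20282": {(3, 4): 2},
}
# CVE-2025-20281 is described as "3.3 and later": later releases with no listed fix get REVIEW.
OPEN_ENDED_FROM = {"CVE-2025-20281": (3, 3)}


def assess(version, patch):
    """Return {cve: status} for one node, e.g. assess("3.3.0", 5)."""
    try:
        major, minor = (int(p) for p in str(version).strip().split(".")[:2])
        level = int(patch) if str(patch).strip() else 0  # blank field = no patch installed
    except (ValueError, TypeError):
        return {cve: "REVIEW: unparseable version or patch" for cve in FIXED}
    release, result = (major, minor), {}
    for cve, fixes in FIXED.items():
        if release in fixes:
            need = fixes[release]
            result[cve] = "patched" if level >= need else f"VULNERABLE: install Patch {need}"
        elif cve in OPEN_ENDED_FROM and release > OPEN_ENDED_FROM[cve]:
            result[cve] = "REVIEW: release has no fix listed here"
        else:
            result[cve] = "not listed as affected"
    return result


def triage(inventory_csv):
    """Return (hostname, cve, status) tuples that need action or review."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["hostname"], cve, status) for r in rows
            for cve, status in assess(r["version"], r["patch"]).items()
            if status.startswith(("VULNERABLE", "REVIEW"))]


# Constructed sample inventory: hostnames, versions and patch levels are hypothetical.
SAMPLE = """hostname,version,patch
ise-pan-01,3.3.0,5
ise-psn-02,3.4.0,2
ise-psn-03,3.2.0,7
ise-pic-04,3.4.0,
ise-lab-05,3.5.0,0
"""

if __name__ == "__main__":
    print("\n".join(f"{h:12} {c}  {s}" for h, c, s in triage(SAMPLE)))
```

A status of "not listed as affected" reflects only the versions named in this bulletin; confirm any REVIEW result against the Cisco Security Advisory.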
Cisco Identity Services Engine (ISE) Unauthenticated Remote Code Execution Vulnerability
CVSS Score: 10.0 (Critical)
Identifier: CVE-2025-20282
Exploit or POC: No known public exploit yet
Update: CVE-2025-20282 – Cisco Security Advisory
Affected Versions:
- Cisco ISE and ISE-PIC 3.4 (all builds prior to 3.4 Patch 2)
Mitigation Recommendation: