A critical vulnerability rated 10 out of 10 has been identified in Cisco's Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that allows remote attackers to gain root access. The vulnerability (CVE-2025-20337) is associated with flaws disclosed earlier and poses a serious risk of unauthorized control over compromised systems. Cisco recommends immediate software updates, noting that there are no workarounds for this flaw. Users must take action based on their current release versions to mitigate these risks effectively.
Cisco has issued a patch for a critical 10 out of 10 severity bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow an unauthenticated, remote attacker to run arbitrary code on the operating system with root-level privileges.
The vendor disclosed CVE-2025-20337 on Wednesday in an update to a June security advisory about two other max-severity flaws in the same products. The new bug is related to CVE-2025-20281, which also received a 10 CVSS rating and affects ISE and ISE-PIC releases 3.3 and 3.4.