July 22, 2025 By Pierluigi Paganini
Cisco warns of active exploits targeting Identity Services Engine (ISE) and ISE-PIC flaws, first observed in July 2025.
Cisco confirmed attempted exploitation in the wild of recently disclosed ISE and ISE-PIC flaws (CVE-2025-20281, CVE-2025-20282, CVE-2025-20337), updating its advisory after detecting attacks in July 2025.
“Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.” reads the advisory. “In July 2025, the Cisco PSIRT became aware of attempted exploitation of some of these vulnerabilities in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate these vulnerabilities.”
In June, Cisco addressed the critical vulnerabilities CVE-2025-20281 and CVE-2025-20282 in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow remote, unauthenticated attackers to execute arbitrary code with root privileges.
