Cisco Alerts on ISE RCE Vulnerability Actively Exploited


Cisco has issued an urgent security advisory warning that a set of critical remote code execution (RCE) vulnerabilities affecting its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC) products are being actively exploited in the wild.

The flaws, tracked as CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337, carry the highest possible severity rating, with a CVSS base score of 10.0, and allow unauthenticated attackers to gain root-level access to vulnerable systems.

Cisco confirmed that no viable workarounds exist and strongly urged customers to apply the provided security updates without delay.

The first pair of vulnerabilities, CVE-2025-20281 and CVE-2025-20337, reside in public APIs of Cisco ISE and ISE-PIC releases 3.3 and 3.4.

By submitting specially crafted API requests, attackers can bypass input validation checks and execute arbitrary commands on the underlying operating system with root privileges.

CVE Identifier | Vulnerability Type | Affected Releases | Fixed Release | CVSS Score
CVE-2025-20281 | API unauthenticated remote ...

Copyright of this story solely belongs to gbhackers.