Cisco Patches Another Critical ISE Vulnerability

Cisco has released patches for multiple vulnerabilities, including a critical flaw in Cisco ISE that leads to remote code execution (RCE).

Cisco on Wednesday informed customers of another critical-severity vulnerability in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could lead to remote code execution (RCE).

In an update to a June 25 advisory detailing two such flaws, tracked as CVE-2025-20281 and CVE-2025-20282, the tech giant added a fresh CVE to the list, alerting users of its maximum severity rating.

Tracked as CVE-2025-20337, the bug has a CVSS score of 10/10, the same as the other two issues, and impacts the same API as CVE-2025-20281.

“Multiple vulnerabilities in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit these vulnerabilities ...