Cisco Patches Three Critical Vulnerabilities – Here are the Products Affected

Three separate vulnerabilities impact Cisco’s identity services. All have been patched.

Severe vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated remote attacker to issue commands with root privileges, Cisco said in an advisory on July 17.

Cisco released multiple patches for the issues, including an expanded fix for specific software versions.

The vulnerabilities were reported by Bobby Gould of Trend Micro Zero Day Initiative and Kentaro Kawane of GMO Cybersecurity by Ierae, working with Trend Micro Zero Day Initiative.

The vulnerabilities allow for arbitrary code execution

Cisco’s patches address three vulnerabilities: CVE-2025-20281, CVE-2025-20337, and CVE-2025-20282. All are arbitrary code execution vulnerabilities, but they are not related to each other and do not need to be exploited together to be effective.

CVE-2025-20281 and CVE-2025-20337 open up Cisco ISE and Cisco ISE-PIC to remote code ...