Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Multiple Vulnerabilities in Cisco Identity Services Engine (ISE)
Alerts

Multiple Vulnerabilities in Cisco Identity Services Engine (ISE)

10 February 2025

Cisco has released security updates to address critical vulnerabilities (CVE-2025-20124 and CVE-2025-20125) affecting their Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), regardless of device configuration.

The vulnerabilities are:

  • CVE-2025-20124: Successful exploitation of the insecure java deserialisation vulnerability could allow an authenticated remote attacker to perform arbitrary code execution on the vulnerable device as a root user. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.9 out of 10.

  • CVE-2025-20125: Successful exploitation of the authorisation bypass vulnerability could allow an authenticated remote attacker with valid read-only credentials to access sensitive information, modify node configurations, and restart the node.

The vulnerabilities affect Cisco ISE Software versions 3.3 and earlier.

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF

https://nvd.nist.gov/vuln/detail/CVE-2025-20124

https://nvd.nist.gov/vuln/detail/CVE-2025-20125

Back to top