Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Multiple Vulnerabilities in Cisco Identity Services Engine (ISE)

10 February 2025

Cisco has released security updates to address critical vulnerabilities (CVE-2025-20124 and CVE-2025-20125) affecting their Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), regardless of device configuration.

The vulnerabilities are:

  • CVE-2025-20124: Successful exploitation of the insecure java deserialisation vulnerability could allow an authenticated remote attacker to perform arbitrary code execution on the vulnerable device as a root user. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.9 out of 10.

  • CVE-2025-20125: Successful exploitation of the authorisation bypass vulnerability could allow an authenticated remote attacker with valid read-only credentials to access sensitive information, modify node configurations, and restart the node.

The vulnerabilities affect Cisco ISE Software versions 3.3 and earlier.

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF

https://nvd.nist.gov/vuln/detail/CVE-2025-20124

https://nvd.nist.gov/vuln/detail/CVE-2025-20125

Back to top