Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerabilities in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC)

26 June 2025

Cisco has released security updates addressing multiple critical vulnerabilities in their ISE and ISE-PIC. Users and administrators of affected products are advised to update to the latest versions.

Background

Cisco has released security updates addressing multiple critical vulnerabilities (CVE-2025-20281 and CVE-2025-20282) in their Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC).

Impact

The vulnerabilities are:

  • CVE-2025-20281: Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to perform arbitrary code execution with root privileges. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

  • CVE-2025-20282: Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to upload and execute malicious files on the vulnerable product with root privileges. The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 10 out of 10.

 Affected Products

The critical vulnerabilities affect the following products:

CVE-2025-20281

  • Cisco ISE versions 3.3 and 3.4

  • Cisco ISE-PIC versions 3.3 and 3.4

CVE-2025-20282

  • Cisco ISE version 3.4

  • Cisco ISE-PIC version 3.4

Mitigation Measures

Users and administrators of affected products are advised to update to the latest versions.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6

https://nvd.nist.gov/vuln/detail/CVE-2025-20281

https://nvd.nist.gov/vuln/detail/CVE-2025-20282

Back to top