Dark Reading

Cisco Discloses '10' Flaw in ISE, ISE-PIC — Patch Now

Networking vendor Cisco disclosed this week a critical vulnerability in one of its security policy products that was designated the highest severity rating possible. CVE-2025-20337 is a vulnerability ...
Bleeping Computer

Max severity Cisco ISE bug allows pre-auth command execution, patch now

A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root ...
Bleeping Computer

Cisco: Maximum-severity ISE RCE flaws now exploited in attacks

Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks. Although the vendor did ...
TechRepublic

Cisco Patches Three Critical Vulnerabilities – Here are the Products Affected

Three separate vulnerabilities impact Cisco’s identity services. All have been patched. Severe vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC ...
SDxCentral

Cisco shares patches for critical Identity bugs

Cisco has released patches for two flaws on the Identity front. Marked as top-level severity, the vulnerabilities are tagged as CVE-2025-20281 and CVE-2025-20282. Both can be exploited for remote code ...
CSOonline

Cisco warns of another critical RCE flaw in ISE, urges immediate patching

The newly disclosed flaw affects a specific API that suffers from insufficient input validation to allow unauthenticated RCE at the root. Cisco has dropped another maximum severity advisory detailing ...
Network World

Cisco identifies vulnerability in ISE network access control devices

The latest flaw in Cisco Systems Identity Services Engine (ISE), which could expose sensitive information to an attacker, requires rotation of credentials as well as ...