Cisco Addresses Critical Vulnerabilities in Identity Services Engine
Cisco has announced crucial updates to its Identity Services Engine (ISE) software to remedy two significant security vulnerabilities that could empower remote attackers to execute arbitrary commands and gain elevated privileges on targeted devices. These vulnerabilities, if exploited, pose substantial risks to organizations relying on Cisco ISE for managing network access.
The first vulnerability, tracked as CVE-2025-20124, has received a critical CVSS score of 9.9. It involves an insecure Java deserialization flaw found in an API within Cisco ISE. An authenticated attacker could potentially leverage this vulnerability to execute commands with root privileges on affected devices, posing a severe threat to data integrity and system security.
The second flaw, identified as CVE-2025-20125, carries a CVSS score of 9.1. This vulnerability allows for an authorization bypass in another API of Cisco ISE, enabling an authenticated attacker with read-only credentials to access sensitive information. Moreover, the attacker could modify node configurations and even restart the node, heightening the risk of operational disruptions.
Exploitation of either flaw could occur through crafted serialized Java objects or malicious HTTP requests sent to unspecified API endpoints, leading to unauthorized privilege escalation and arbitrary code execution. This behavior aligns with tactics outlined in the MITRE ATT&CK framework, particularly focusing on initial access and privilege escalation avenues.
Cisco has emphasized that these vulnerabilities operate independently and currently have no known workarounds for mitigation. The company has released patches in versions of ISE software, with specific updates addressing these vulnerabilities in releases 3.1, 3.2, and 3.3, while version 3.4 is notably not vulnerable.
Security researchers Dan Marin and Sebastian Radulea from Deloitte have been credited with discovering these vulnerabilities and bringing them to Cisco’s attention. While the tech giant has stated there have been no confirmed instances of malicious exploitation, it strongly advises users to maintain their systems with the latest updates to safeguard against potential threats.
Business owners and IT professionals should exercise diligence in applying these updates to their Cisco ISE installations, as the implications of a successful attack could be severe, extending beyond mere data loss to potentially jeopardizing entire networks. By taking these proactive steps, organizations can better shield themselves from the increasing sophistication of cyber threats.
