Cisco ISE Vulnerability Allows Remote Attackers to Execute Malicious Commands
Nature of the Vulnerabilities
The vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20282, affect specific APIs within Cisco ISE and ISE-PIC.
Both can be exploited without any valid credentials, making them particularly dangerous for organizations relying on these platforms for network access control and security policy enforcement.
CVE-2025-20281: API Input Validation Flaw
This vulnerability affects Cisco ISE and ISE-PIC releases 3.3 and later. It arises from insufficient validation of user-supplied input in a specific API.
Attackers can exploit this flaw by sending crafted API requests, enabling them to execute arbitrary code on the underlying operating system with root privileges. No authentication is required, meaning any remote attacker could potentially gain full control over the device.
CVE-2025-20282: Arbitrary File Upload and Execution
Affecting only Cisco ISE and ISE-PIC release 3.4, this vulnerability stems from a lack of file validation checks in an internal API.
To read the complete article, see: https://gbhackers.com/cisco-ise-vulnerability/