Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access - The Hacker News
Ravie Lakshmanan | Jun 26, 2025 | Vulnerability, Network Security
Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user.
The vulnerabilities, assigned the CVE identifiers CVE-2025-20281 and CVE-2025-20282, carry a CVSS score of 10.0 each. A description of the defects is below -
CVE-2025-20281 - An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC releases 3.3 and later that could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root
CVE-2025-20282 - An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC release 3.4 that could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and execute those files on the underlying operating system as root
Cisco said CVE-2025-20281 is the result of insufficient validation of user-supplied input, which an attacker could exploit by sending a crafted API request to obtain elevated privileges and run commands.
In contrast, CVE-2025-20282 stems from a lack of file validation checks that would otherwise prevent the uploaded files from being placed in privileged directories.
"A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system," Cisco said.
The networking equipment vendor said there are no workarounds that address the issues. The shortcomings have been addressed in the below versions -
CVE-2025-20281 - Cisco ISE or ISE-PIC 3.3 Patch 6 (ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz), 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz)
CVE-2025-20282 - Cisco ISE or ISE-PIC 3.4 Patch 2 (ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz)
The company credited Bobby Gould of Trend Micro Zero Day Initiative and Kentaro Kawane of GMO Cybersecurity for reporting CVE-2025-20281. Kawane, who previously reported CVE-2025-20286 (CVSS score: 9.9), has also been acknowledged for reporting CVE-2025-20282.
While there is no evidence that the vulnerabilities have been exploited in the wild, it's essential that users move quickly to apply the fixes to safeguard against potential threats.
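A patch-level triage built from the affected and fixed releases listed above, as an added example that is not from Cisco or the article. The inventory format, the hostnames and the 3.5 entry are constructed assumptions, and only the cumulative patch number is compared, so hot-patch installs are not modelled.

```python
# Added example: flag ISE / ISE-PIC nodes still below the fixed releases
# named in the article. Inventory lines are constructed: host,release,patch.
RULES = {
    # affected range of releases, and first fixed patch per release (from the article)
    "CVE-2025-20281": {"from": (3, 3), "to": None, "fixed": {(3, 3): 6, (3, 4): 2}},
    "CVE-2025-20282": {"from": (3, 4), "to": (3, 4), "fixed": {(3, 4): 2}},
}

INVENTORY = """\
ise-pan-01,3.4,1
ise-psn-02,3.3,6
ise-psn-03,3.2,7
ise-pic-04,3.4,2
ise-lab-05,3.5,0
"""

def parse_release(text):
    """Turn '3.4' or '3.4.0.608' into a comparable (major, minor) tuple."""
    major, minor = text.strip().split(".")[:2]
    return int(major), int(minor)

def status(release, patch, rule):
    """Classify one node against one CVE rule."""
    if release < rule["from"] or (rule["to"] is not None and release > rule["to"]):
        return "not affected"
    fixed_patch = rule["fixed"].get(release)
    if fixed_patch is None:
        # Release is in the affected range but the article lists no fix for it.
        return "check advisory"
    return "fixed" if patch >= fixed_patch else "VULNERABLE"

def triage(inventory):
    """Return {host: {cve: status}} for every non-empty inventory line."""
    report = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, release, patch = (field.strip() for field in line.split(","))
        rel = parse_release(release)
        report[host] = {cve: status(rel, int(patch), rule) for cve, rule in RULES.items()}
    return report

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(host, result)
```

Nodes reported as "check advisory" run a release the article says is affected but for which it names no fixed patch, so the vendor advisory has to be consulted directly.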