Cisco Releases Patches for Critical Identity Services Engine Vulnerabilities
🔑 Cisco addresses critical vulnerabilities in Identity Services Engine.

Cisco has issued a security advisory for two critical vulnerabilities in its Identity Services Engine (ISE), identified as CVE-2025-20124 and CVE-2025-20125, which could allow authenticated attackers to execute arbitrary commands and bypass authorization controls. The first vulnerability, CVE-2025-20124, involves insecure Java deserialization, while the second, CVE-2025-20125, relates to an authorization bypass in a specific API. Both vulnerabilities require valid read-only administrative credentials to exploit.

Cisco has released software updates to mitigate these risks, and organizations using ISE are urged to upgrade to the latest versions promptly, as there are no effective workarounds available.
