Cisco Releases Patches for Critical ISE Vulnerabilities
/ 1 min read
🔐 Cisco addresses critical vulnerabilities in Identity Services Engine. Cisco has released patches for two severe vulnerabilities in its Identity Services Engine (ISE) platform, which could allow authenticated remote attackers to execute arbitrary commands as root and bypass authorization. The flaws, identified as CVE-2025-20124 and CVE-2025-20125, affect all configurations of Cisco ISE and its Passive Identity Connector. Cisco has urged administrators to upgrade to fixed software releases to mitigate these risks. Additionally, the company warned of high-severity vulnerabilities in its IOS and NX-OS software that could lead to denial of service conditions, with plans for updates in the coming months. No evidence of active exploitation has been reported for the ISE vulnerabilities.
