CISA Warns of Exploited Critical Vulnerabilities in Cisco Identity Services Engine

July 29, 2025

The US Cybersecurity and Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on July 28.

These include two highly critical vulnerabilities in Cisco Identity Services Engine (ISE) Software, a network security policy management platform that provides secure access control, authentication, authorization and accounting (AAA) services for users and devices connecting to enterprise networks.

Both vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20337, were discovered by security researchers working with the Trend Micro Zero Day Initiative and disclosed by Cisco on June 25.

Both stem from insufficient validation of user-supplied input in a specific API of Cisco ISE and Cisco ISE Passive Identity Connector (ISE-PIC).

An attacker can exploit either vulnerability by submitting a crafted API request. Successful exploitation allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root, giving them full root privileges on the affected device.

Both vulnerabilities affect the following versions of Cisco ISE:

  • 3.3.0
  • 3.3 Patch 1
  • 3.3 Patch 2
  • 3.3 Patch 3
  • 3.3 Patch 4
  • 3.3 Patch 5
  • 3.3 Patch 6
  • 3.4.0
  • 3.4 Patch 1

Additionally, CVE-2025-20337 also affects Cisco ISE-PIC versions 3.1.0, 3.2.0, 3.3.0 and 3.4.0.

Both are rated at the highest severity level, with a CVSS 3.1 base score of 10.0.

Cisco has released patches for each affected version of Cisco ISE and Cisco ISE-PIC.

The Cisco Product Security Incident Response Team (PSIRT) has become aware of attempted exploitation of both vulnerabilities in the wild.

CISA has set August 18 as the deadline for remediation, requiring organizations to address these critical security vulnerabilities within the next three weeks. No workaround is available besides applying the patches.
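For teams that have to answer "which of our ISE nodes are on an affected build, and how long do we have?", the following Python triage helper is an added example written for this article; it is not Cisco's or CISA's code. It normalizes Cisco's version strings ("3.3.0", "3.3 Patch 5", "3.4.0 Patch 1") into comparable tuples, matches them against exactly the affected versions listed above (the ISE list for both CVEs, the ISE-PIC list for CVE-2025-20337 only), and reports the days remaining until the August 18 KEV deadline. The inventory and host names are constructed for the example. Versions that do not appear in the article's list are reported as not affected, so the Cisco advisory remains the authority for anything outside that list.

```python
import re
from datetime import date

# Affected versions exactly as listed in the article (added example, not vendor data).
ISE_AFFECTED = {
    "3.3.0", "3.3 Patch 1", "3.3 Patch 2", "3.3 Patch 3", "3.3 Patch 4",
    "3.3 Patch 5", "3.3 Patch 6", "3.4.0", "3.4 Patch 1",
}
# ISE-PIC is listed only for CVE-2025-20337.
ISE_PIC_AFFECTED_20337 = {"3.1.0", "3.2.0", "3.3.0", "3.4.0"}

# CISA's remediation deadline from the article.
KEV_DEADLINE = date(2025, 8, 18)

# Accepts '3.3.0', '3.3 Patch 5' and '3.3.0 Patch 5' (case-insensitive).
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\s+patch\s+(\d+))?\s*$", re.IGNORECASE
)


def parse_version(text):
    """Normalize a Cisco ISE version string into a (major, minor, patch) tuple.

    The patch level may be written as the third dotted component ('3.3.0')
    or as a 'Patch N' suffix; when both are present the suffix wins.
    Raises ValueError for strings that do not look like an ISE version.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognized ISE version string: {text!r}")
    major, minor, dot, patch = m.groups()
    level = int(patch) if patch is not None else int(dot or 0)
    return (int(major), int(minor), level)


# Pre-normalized lookup sets so inventory strings in either spelling match.
_ISE_AFFECTED = {parse_version(v) for v in ISE_AFFECTED}
_PIC_AFFECTED = {parse_version(v) for v in ISE_PIC_AFFECTED_20337}


def affected_cves(product, version):
    """Return the CVEs from the article that apply to one node, or [] if none."""
    v = parse_version(version)
    if product == "ISE":
        return ["CVE-2025-20281", "CVE-2025-20337"] if v in _ISE_AFFECTED else []
    if product == "ISE-PIC":
        return ["CVE-2025-20337"] if v in _PIC_AFFECTED else []
    raise ValueError(f"unknown product: {product!r}")


def triage(inventory, today):
    """Flag every affected node with its CVEs and the days left to the KEV deadline."""
    days_left = (KEV_DEADLINE - today).days
    findings = []
    for node in inventory:
        cves = affected_cves(node["product"], node["version"])
        if cves:
            findings.append(
                {"host": node["host"], "cves": cves, "days_left": days_left}
            )
    return findings


# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE_INVENTORY = [
    {"host": "ise-pan-01.example.internal", "product": "ISE", "version": "3.3 Patch 5"},
    {"host": "ise-psn-02.example.internal", "product": "ISE", "version": "3.2 Patch 7"},
    {"host": "ise-pic-01.example.internal", "product": "ISE-PIC", "version": "3.2.0"},
    {"host": "ise-psn-03.example.internal", "product": "ISE", "version": "3.4.0 Patch 1"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY, date(2025, 7, 29)):
        print(f"{finding['host']}: {', '.join(finding['cves'])} "
              f"({finding['days_left']} days to KEV deadline)")
```

Run against the sample inventory on the article's publication date, three of the four nodes are flagged with 20 days remaining; the 3.2 Patch 7 node is skipped because that build is not in the article's affected list. Since the page states there is no workaround, the only remediation action per flagged host is applying Cisco's patch.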

The third vulnerability added to CISA’s KEV list on July 28, CVE-2023-2533, is a high-severity cross-site request forgery (CSRF) vulnerability affecting PaperCut Next Generation (NG) and Multi-Function (MF), print management software solutions designed to help organizations control, monitor and optimize printing, copying, scanning and faxing across their networks.
