Critical RCE Vulnerabilities in Cisco ISE and ISE Express Uncovered

Cisco has addressed two critical security vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), identified as CVE-2025-20281 and CVE-2025-20282, both with a maximum severity score of 10.0.

CVE-2025-20281 arises from inadequate input validation, allowing attackers to send crafted requests to escalate privileges and execute commands. CVE-2025-20282 is due to improper file upload validation, enabling malicious files to be placed in critical system directories. Exploiting these vulnerabilities could allow attackers to execute arbitrary code or gain administrative control.

Cisco has released updates to fix these issues, as no workarounds are available. The company credited Bobby Gould from Trend Micro Zero Day Initiative and Kentaro Kawane from GMO Cybersecurity for discovering these vulnerabilities. Although there is no evidence of exploitation in the wild, Cisco urges users to promptly apply the updates to mitigate potential risks.

Stay secure — stay Wavasec. 🔐