See every side of every news story
Get Started
SubscribeLogin
Israel-Hamas Conflict
Donald Trump
Social Media
US Politics
Artificial Intelligence
Natural Disasters
Republican Party
US Crime
Education
Apple
Immigration
European Union
Soccer
Published loading...Updated

Watch Out, Another Max-Severity Cisco Bug on the Loose

NO LOC, JUL 17 – Cisco released patches for a critical 10/10 severity vulnerability in Identity Services Engine allowing unauthenticated attackers root access via crafted API requests, with no workarounds available.

  • Cisco addressed a critical security flaw, tracked as CVE-2025-20337, in its ISE platform and related Passive Identity Connector component, impacting versions 3.3 and 3.4, with the vulnerability rated at the highest severity level of 10 out of 10.
  • This vulnerability emerged after previous disclosures in June for CVE-2025-20281 and CVE-2025-20282, which are similar but distinct flaws also impacting ISE 3.3 and 3.4, requiring patches for full coverage.
  • The vulnerability allows an unauthenticated attacker to execute arbitrary code, store malicious files, and gain root-level privileges via crafted API requests, with no known exploits or workarounds currently.
  • Security expert Dustin Childs highlighted the seriousness of the vulnerability given its maximum CVSS score of 10, and indicated that threat actors are likely to target it in the near future.
  • Cisco advises immediate patching by upgrading to ISE 3.3 Patch 7 or 3.4 Patch 2, recommends assessing risk exposure, and confirms the flaw does not affect releases 3.2 or earlier.
Insights by Ground AI
Does this summary seem wrong?

13 Articles

The RegisterThe Register
Center

Watch out, another max-severity Cisco bug on the loose

: Three perfect 10s in the last month - ISE, ISE, baby

Read Full Article
Tech RadarTech Radar
Center

Cisco ISE maximum severity flaw lets hackers execute root code

Versions 3.3 and 3.4 are vulnerable. Older - or newer - versions, are not.

·United Kingdom
Read Full Article
BleepingComputerBleepingComputer
Center

Max severity Cisco ISE bug allows pre-auth command execution, patch now

A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices. [...]

Read Full Article
The Cyber ExpressThe Cyber Express

Cisco CVE-2025-20337 & ISE-PIC Vulnerabilities Uncovered

Cisco has issued a new security advisory warning of newly discovered vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), revealing serious security flaws that could allow remote, unauthenticated attackers to execute arbitrary code on targeted systems with root privileges.  The most severe of these vulnerabilities, tracked as CVE-2025-20337, carries the maximum CVSS score of 10.0. This vulnerability…

Read Full Article
CSO OnlineCSO Online

Cisco warns of another critical RCE flaw in ISE, urges immediate patching

Cisco has dropped another maximum severity advisory detailing an unauthenticated remote code execution (RCE) flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The networking equipment giant warned that the flaw, much similar to a critical bug it fixed last month, stems from insufficient input validation in a public API. “Cisco’s disclosure of the flaw highlights a troubling pattern in API-exposed infrastruc…

Read Full Article
Malware Analysis, News and IndicatorsMalware Analysis, News and Indicators

Cisco patches 10.0 vulnerability in ISE, its second in three weeks

Security pros express concern over a trusted system like Cisco ISE showing continued vulnerabilities. Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code:…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

The Hacker News broke the news in on Thursday, July 17, 2025.
Sources are mostly out of (0)

Similar News Topics

Cisco icon

Cisco

Technology icon

Technology

News
For You
SearchBlindspotLocal