Published On: Jun 30, 2025 12:50
Advisory No: TZCERT-SA-25-0105
Source: Cisco
Software Affected: Cisco ISE and Cisco ISE-PIC
Cisco ISE and Cisco ISE-PIC are affected by critical vulnerabilities. The vulnerabilities could allow a remote attacker to execute arbitrary code on the affected device.
Cisco ISE and Cisco ISE-PIC are affected by critical vulnerabilities tracked as CVE-2025-20281 and CVE-2025-20282, each with a CVSS base score of 10. The vulnerabilities result from insufficient validation of user-supplied input and from a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. Successful exploitation of these vulnerabilities could allow a remote attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.
Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.
Cisco has released patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.