Cisco patches critical security issues, so update now
Two critical-severity flaws recently addressed in Cisco Identity Services Engine
![A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.](https://cdn.mos.cms.futurecdn.net/NGKiUcJVFBC8HkMp9dTo9a-1200-80.jpg)
- Cisco releases fix for two flaws in Identity Services Engine
- The flaws allowed for remote code execution, sensitive data exfiltration, and more
- The first clean version of Identity Services Engine is 3.4
Cisco has released patches for two critical-severity vulnerabilities plaguing its Identity Services Engine (ISE) solution. Since the flaws can be abused to run arbitrary commands and steal sensitive information, Cisco urged its users to apply the fixes as soon as possible.
In a security advisory, the networking giant first said it patched a “deserialization of user-supplied Java byte streams” vulnerability tracked as CVE-2025-20124, and given a severity score of 9.9/10 (critical). By sending a custom serialized Java object to an affected Cisco ISE API, an attacker could execute arbitrary commands and elevate privileges.
The second flaw is an authentication bypass bug that exists because an API did not perform authorization checks or properly validate user-supplied data. A threat actor could send a malicious HTTP request to the API on the device to trigger it. This bug is tracked as CVE-2025-20125 and was given a severity score of 9.1/10 (critical).
Authentication required
While these flaws sound dangerous, they’re not that easy to exploit. Cisco said that threat actors would still need to be authenticated, and with a read-only admin account, at that.
Indeed, that means pulling the attack off is a lot more difficult, but still not impossible. As The Register properly noted, cybercriminals can phish for login credentials, or simply buy them off the black market.
“It's worth noting that NCC Group blamed last year's surge in ransomware attacks partly on compromised credentials, so it's not like these are too difficult to obtain. Rogue insiders can also abuse these holes, of course,” the publication said.
In any case, Cisco has already released fixes, and they should be applied as soon as possible. Versions 3.0 - 3.3 were said to be vulnerable, so users should ensure they bring their software to version 3.4, at least. The good news is that there is still no evidence of abuse in the wild.
Via The Register
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.