{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2025-025.pdf"
    },
    "title": "Critical Vulnerabilities in Cisco ISE",
    "serial_number": "2025-025",
    "publish_date": "18-07-2025 12:57:21",
    "description": "On June 25, Cisco released an advisory addressing 2 critical vulnerabilities affecting Cisco's Identity Services Engine (ISE) product that would allow an attacker to execute arbitrary code on vulnerable devices.<br>\nOn July 16, Cisco updated this advisory adding a third critical vulnerability affecting Cisco's Identity Services Engine (ISE) product.<br>\nIt is recommended updating affected product as soon as possible.<br>\n",
    "url_title": "2025-025",
    "content_markdown": "---    \ntitle: 'Critical Vulnerabilities in\u00a0Cisco\u00a0ISE'\nnumber: '2025-025'\nversion: '1.0'\noriginal_date: '2025-07-16'\ndate: '2025-07-18'\n---\n\n_History:_\n\n* _18/07/2025 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn June 25, Cisco released an advisory addressing 2 critical vulnerabilities affecting Cisco's Identity Services Engine (ISE) product that would allow an attacker to execute arbitrary code on vulnerable devices [1].\n\nOn July 16, Cisco updated this advisory adding a third critical vulnerability affecting Cisco's Identity Services Engine (ISE) product [1].\n\nIt is recommended updating affected product as soon as possible.\n\n# Technical Details\n\nThe vulnerabilities **CVE-2025-20281** and **CVE-2025-20337**, both with a CVSS score of 10, are due to insufficient validation of user-supplied input in a specific API endpoint of the product. An attacker could exploit these vulnerabilities by submitting a crafted API request. A successful exploit could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root.\n\nThe vulnerability **CVE-2025-20282**, with a CVSS score of 10, is due to a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.\n\n# Affected Products\n\nThe following product versions are affected by the vulnerabilities:\n\n- Cisco ISE or ISE-PIC Release 3.3 before Patch 7\n- Cisco ISE or ISE-PIC Release 3.4 before Patch 2\n\n_Note: Cisco warns that customers who applied the patches for CVE-2025-20281 and CVE-2025-20282 are not covered for CVE-2025-20337, and need to upgrade to ISE 3.3 Patch 7 or ISE 3.4 Patch 2._\n\n# Recommendations\n\nIt is recommended updating affected devices as soon as possible.\n\n# References \n\n[1] <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6>",
    "content_html": "<p><em>History:</em></p><ul><li><em>18/07/2025 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On June 25, Cisco released an advisory addressing 2 critical vulnerabilities affecting Cisco's Identity Services Engine (ISE) product that would allow an attacker to execute arbitrary code on vulnerable devices [1].</p><p>On July 16, Cisco updated this advisory adding a third critical vulnerability affecting Cisco's Identity Services Engine (ISE) product [1].</p><p>It is recommended updating affected product as soon as possible.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerabilities <strong>CVE-2025-20281</strong> and <strong>CVE-2025-20337</strong>, both with a CVSS score of 10, are due to insufficient validation of user-supplied input in a specific API endpoint of the product. An attacker could exploit these vulnerabilities by submitting a crafted API request. A successful exploit could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root.</p><p>The vulnerability <strong>CVE-2025-20282</strong>, with a CVSS score of 10, is due to a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.</p><h2 id=\"affected-products\">Affected Products</h2><p>The following product versions are affected by the vulnerabilities:</p><ul><li>Cisco ISE or ISE-PIC Release 3.3 before Patch 7</li><li>Cisco ISE or ISE-PIC Release 3.4 before Patch 2</li></ul><p><em>Note: Cisco warns that customers who applied the patches for CVE-2025-20281 and CVE-2025-20282 are not covered for CVE-2025-20337, and need to upgrade to ISE 3.3 Patch 7 or ISE 3.4 Patch 2.</em></p><h2 id=\"recommendations\">Recommendations</h2><p>It is recommended updating affected devices as soon as possible.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6\">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}