
PoC Exploit Published for Actively Exploited Cisco Identity Services Engine Flaw

Threat Score: 66 · 5 articles · 100.0% similarity · 7 days ago

Activity Timeline

5 articles, published Jul 28 to Jul 29

Key Insights

1. Two critical vulnerabilities in Cisco Identity Services Engine (ISE), CVE-2025-20281 and CVE-2025-20337, allow unauthenticated remote code execution, impacting versions 3.3 and 3.4.
2. Both vulnerabilities have been assigned a CVSS score of 10, indicating they are critical and pose immediate risks to organizations using affected systems.
3. CISA has added these vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting active exploitation in the wild.
4. Organizations are urged to apply patches or mitigations immediately to prevent potential breaches, as proof-of-concept exploits are publicly available.

Threat Overview

Cisco's Identity Services Engine (ISE) has two critical vulnerabilities, CVE-2025-20281 and CVE-2025-20337, which allow unauthenticated attackers to execute arbitrary code with root privileges on versions 3.3 and 3.4 [1][2][3]. CISA has flagged these vulnerabilities as actively exploited, with a CVSS score of 10, indicating severe risk [2][3]. Organizations must immediately implement available patches or apply mitigations to safeguard their systems [1][4]. Security teams should monitor for unusual activity and ensure proper access controls are in place to mitigate exploitation risks [2][3].

Tactics, Techniques & Procedures (TTPs)

T1203 Exploitation for Client Execution: Attackers exploit vulnerabilities in Cisco ISE to execute arbitrary code remotely [1][3]
T1068 Exploitation of Elevation of Privilege: Unauthenticated remote code execution achieved through API vulnerabilities [2][4]
T1190 Exploit Public-Facing Application: Attackers send specially crafted requests to exploit Cisco ISE vulnerabilities [3][4]
T1550.001 Use of Default Credentials: Potential use of default or weak credentials to gain unauthorized access [2][3]

Timeline of Events

2025-06-25: Cisco discloses vulnerabilities CVE-2025-20281 and CVE-2025-20337 [1]
2025-07-28: CISA adds the vulnerabilities to its Known Exploited Vulnerabilities Catalog [2]
2025-07-29: Active exploitation of the vulnerabilities reported [3][4]
Ongoing: Threat actors continue to exploit vulnerabilities in the wild [2][3]

Powered by ThreatCluster AI. Generated 6 days ago. AI analysis may contain inaccuracies.

Related Articles

5 articles

1. PoC Exploit Published for Actively Exploited Cisco Identity Services Engine Flaw
GB Hackers • 7 days ago
Security researchers have published a detailed proof-of-concept exploit for a critical vulnerability in Cisco Identity Services Engine (ISE) that allows attackers to achieve remote code execution without authentication. The flaw, tracked as CVE-2025-20281, affects the widely-deployed network access control platform and has been actively exploited in the wild. Critical Zero-Day Vulnerability Exposed The vulnerability
Score 56 · 92.0% similarity
2. CISA Issues Alert on Cisco Identity Services Engine Flaw Exploited in Active Attacks
GB Hackers • 7 days ago
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding severe vulnerabilities in Cisco's Identity Services Engine (ISE) that are being actively exploited by threat actors. The agency added two critical injection vulnerabilities to its Known Exploited Vulnerabilities Catalog on July 28, 2025, signaling immediate risks to organizations using the affected systems. C
Score 53 · 97.0% similarity
3. Exploit available for critical Cisco ISE bug exploited in attacks
BleepingComputer • 7 days ago
Bill Toulas, July 28, 2025 01:29 PM. Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). The critical vulnerability was first disclosed on June 25, 2025, with Cisco warning that it impacts ISE and ISE-PIC versions 3.3 and 3.4, allowing unauthenticated, remote attackers to u
Score 53 · 100.0% similarity
4. CISA Warns of Cisco Identity Services Engine Vulnerability Exploited in Attacks
Cybersecurity News • 7 days ago
CISA has issued an urgent warning regarding two critical injection vulnerabilities in Cisco's Identity Services Engine (ISE) that threat actors are actively exploiting. The vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20337, allow attackers to achieve remote code execution with root privileges on affected systems. Key Takeaways 1. CISA added two Cisco ISE vulnerabilities (CVE-2025-20281, CVE-2025-20337) to its […]
Score 47 · 96.0% similarity
5. CISA Adds Cisco ISE and PaperCut Vulnerabilities to Known Exploited Vulnerabilities Catalog
The Cyber Express • 6 days ago
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding three high-impact vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These include two unauthenticated remote code execution flaws in Cisco Identity Services Engine (ISE) and one cross-site request forgery (CSRF) vulnerability affecting PaperCut NG/MF software. Critical Cisco ISE Flaws: CVE-2025-20281 and CVE-2025-20337 The first two vulnerabilities, CVE-2025-20281 and CVE-202
Score 46 · 100.0% similarity

Cluster Intelligence

Key entities and indicators for this cluster

AGENCIES: CISA (Cybersecurity and Infrastructure Security Agency)
VULNERABILITIES: Remote Code Execution (RCE), Command Injection, DDoS, DoS
ATTACK TYPES: Remote Code Execution, Ransomware, Cross-site Request Forgery
COMPANIES: Cisco, Microsoft, Google, Apple, Amazon
CVES: CVE-2025-20337, CVE-2025-20281
PLATFORMS: iOS, AWS, Linux, Azure, Docker
SECURITY VENDORS: Fortinet, Cloudflare
INDUSTRIES: Education
MALWARE: Broomstick
APT GROUPS: APT41
CLUSTER INFORMATION: Cluster #1404, created 7 days ago, Semantic Algorithm
