Thu Feb 06 2025

Cisco patches critical security issues, update your system immediately.

Recently, two high-severity vulnerabilities in Cisco Identity Services Engine have been fixed.

Cisco has released a set of patches to address two critical vulnerabilities in its Identity Services Engine (ISE) solution. These security issues allow for remote code execution and the extraction of sensitive data, leading the company to recommend that users apply the updates immediately.

In a security advisory, Cisco identified one of the vulnerabilities as a “deserialization of user-provided Java byte streams,” registered as CVE-2025-20124, which has a severity score of 9.9 out of 10, classifying it as critical. By sending a custom serialized Java object to the affected Cisco ISE API, an attacker could execute arbitrary commands and escalate their privileges.

The second vulnerability is an authentication bypass flaw, which arises because an API does not perform adequate authorization checks or properly validate user-provided data. A malicious actor could send a harmful HTTP request to the API on the device to exploit this flaw, which is registered as CVE-2025-20125 and has a severity score of 9.1 out of 10, also considered critical.

Despite the severity of these vulnerabilities, Cisco clarifies that they are not easy to exploit. Cybercriminals would need to be authenticated and also possess a read-only administrator account. This complicates the execution of the attack, but does not make it impossible. Experts have noted that cybercriminals may resort to phishing techniques to obtain access credentials or even buy them on the black market.

The increase in ransomware attacks over the past year has been partly associated with compromised credentials, which shows that this type of access is not difficult to obtain. Malicious insiders may also take advantage of these vulnerabilities.

To mitigate the risk, Cisco urges its users to upgrade to software version 3.4, as versions 3.0 to 3.3 are considered vulnerable. So far, there are no indications that these vulnerabilities have been exploited in real-world environments.