At the end of summer 2025, the security community is seeing a new wave of cyberattacks that target the “heart” of corporate network access control systems. Cisco has confirmed that serious vulnerabilities in its Identity Services Engine (ISE) platform and the ISE Passive Identity Connector (ISE-PIC) are being actively exploited.
According to experts, some of the ISE vulnerabilities have been targeted in attacks since July 2025. Although no specific threat group has been identified and the extent of the impact has not been announced, the severity of the vulnerabilities has drawn particular attention from the global security community.
The “victim” is ISE
Cisco ISE plays a key role in controlling which users and devices are allowed onto the enterprise intranet. Once compromised, the system can turn from a management tool into an open gate that lets attackers reach deep inside the internal network without any authentication.
Three serious vulnerabilities (CVSS 10.0) are highlighted:
- CVE-2025-20281 and CVE-2025-20337: stem from insufficient validation of user-supplied input in a specific API, allowing unauthenticated remote attackers to execute arbitrary code with root privileges.
- CVE-2025-20282: allows malicious files to be uploaded to, and executed from, privileged directories on the underlying operating system, because files uploaded through an internal API are not checked.
A single crafted API request or a successfully uploaded malicious file is enough for an attacker to take full control of the system. This is especially dangerous because no login or other authentication is required on a system that has not yet been patched.
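To make the file-upload defect class concrete, here is an added illustrative example (not Cisco code, and not the actual ISE API): an upload handler that writes wherever the caller points it, beside a hardened version that requires an authenticated principal with an upload role, validates the file name, type and size, and confines the write to a dedicated non-privileged directory. The `principal` dictionary, the `upload` role, the allowed extensions and the size limit are all assumptions made for the example.

```python
import os
import re
from pathlib import Path

# Assumptions for this example: uploads are expected to be small data files only,
# and the service keeps them under a dedicated directory that is not on any
# execution or configuration path.
ALLOWED_EXTENSIONS = {".csv", ".txt", ".json"}
SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")
MAX_BYTES = 5 * 1024 * 1024


def save_upload_unchecked(dest_dir: str, filename: str, data: bytes) -> str:
    """Vulnerable pattern: trusts the caller-supplied directory and file name,
    performs no authentication, and will happily write outside dest_dir."""
    path = os.path.join(dest_dir, filename)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


class UploadRejected(Exception):
    """Raised by the hardened handler when a request fails a check."""


def save_upload_checked(principal, filename: str, data: bytes, upload_root: str) -> str:
    """Hardened pattern: authenticate, authorize, validate, then confine the path."""
    # 1. The caller must be authenticated and hold the (hypothetical) 'upload' role.
    if principal is None or "upload" not in principal.get("roles", ()):
        raise UploadRejected("authentication and the 'upload' role are required")
    # 2. Only a plain base name is accepted: no separators, no traversal components.
    if not SAFE_NAME.match(filename) or filename in (".", ".."):
        raise UploadRejected("filename contains disallowed characters")
    # 3. Only expected data types; executables and scripts are refused outright.
    if Path(filename).suffix.lower() not in ALLOWED_EXTENSIONS:
        raise UploadRejected("file type not permitted")
    # 4. Bound the payload size.
    if len(data) > MAX_BYTES:
        raise UploadRejected("payload too large")
    # 5. Resolve the final path and verify it is directly inside the upload root.
    root = Path(upload_root).resolve()
    target = (root / filename).resolve()
    if target.parent != root:
        raise UploadRejected("path escapes upload root")
    root.mkdir(parents=True, exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return str(target)
```

The point of the hardened version is that every decision an attacker could influence (who is calling, what the file is called, what it contains, where it lands) is checked server-side before anything touches the filesystem, and the destination is never a privileged directory.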
Businesses need to act now
In the face of active exploitation, Cisco urges all customers to:
- Upgrade immediately to a patched version of the software
- Check system logs for unusual API activity or unauthorized file uploads, especially on ISE deployments exposed to the internet
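As an added example of the log review recommended above (not Cisco's tooling, and not the real ISE log format), the script below triages a few constructed access-log lines and flags the three signals that matter for this class of bug: API calls that succeed without credentials, API access from outside the expected management networks, and file uploads accepted from untrusted sources. The line format, the `/api/v1/hypothetical/...` paths and the trusted network range are all assumptions for the example.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample lines in a simplified access-log format for this example
# (not Cisco ISE's real format). Fields: timestamp, source IP, method, path,
# HTTP status, auth=<token|none>, ctype=<request content type or ->.
SAMPLE_LOG = """\
2025-07-22T10:15:03Z 10.20.0.14 GET /api/v1/hypothetical/sessions 200 auth=token ctype=-
2025-07-22T10:15:09Z 203.0.113.45 POST /api/v1/hypothetical/config 200 auth=none ctype=application/json
2025-07-22T10:15:11Z 203.0.113.45 POST /api/v1/hypothetical/import 200 auth=none ctype=multipart/form-data
2025-07-22T10:16:40Z 10.20.0.14 POST /api/v1/hypothetical/import 200 auth=token ctype=multipart/form-data
2025-07-22T10:17:02Z 198.51.100.7 POST /api/v1/hypothetical/config 401 auth=none ctype=application/json
2025-07-22T10:17:30Z 10.20.0.9 GET /portal/login 200 auth=none ctype=-
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) "
    r"auth=(?P<auth>\S+) ctype=(?P<ctype>\S+)$"
)

# Assumption: administration of the appliance is only expected from this range.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]


def parse_line(line: str) -> Dict[str, str]:
    """Split one log line into its named fields; fail loudly on unknown formats."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    return m.groupdict()


def is_trusted(src: str) -> bool:
    """True when the source address falls inside an expected management network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_NETS)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per line that shows a signal worth investigating."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        success = rec["status"].startswith("2")
        is_api = rec["path"].startswith("/api/")
        is_upload = rec["method"] in ("POST", "PUT") and rec["ctype"].startswith("multipart/")
        reasons = []
        # Unauthenticated requests that the API nevertheless accepted.
        if is_api and success and rec["auth"] == "none":
            reasons.append("successful API call without credentials")
        # Any API contact from outside the management networks, even if rejected.
        if is_api and not is_trusted(rec["src"]):
            reasons.append("API access from untrusted network")
        # Uploads that were accepted from an untrusted source.
        if is_upload and success and not is_trusted(rec["src"]):
            reasons.append("file upload accepted from untrusted network")
        if reasons:
            findings.append({
                "ts": rec["ts"],
                "src": rec["src"],
                "path": rec["path"],
                "reasons": "; ".join(reasons),
            })
    return findings


def sources_by_count(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Aggregate findings per source address to prioritise follow-up."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["src"]] = counts.get(f["src"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["ts"], f["src"], f["path"], "->", f["reasons"])
    print(sources_by_count(triage(SAMPLE_LOG)))
```

Rejected requests (the 401 above) are kept as findings on purpose: on an unpatched, internet-exposed appliance, repeated API contact from an unexpected source is itself a reason to check whether any later request succeeded.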
Delaying the update can expose a business to the risk of losing control over its entire network infrastructure, a particularly serious risk in environments subject to strict security regulations.