Cisco corrects critical security problems, so update now


  • Cisco publishes a correction for two defects in the engine of identity services
  • The defects have enabled the execution of the remote code, the exfiltration of sensitive data and more
  • The first clean version of the identity services engine is 3.4

Cisco has published fixes for two critical severity vulnerabilities distressing its identity engine solution (ISE). Since faults can be abused to execute arbitrary orders and steal sensitive information, Cisco has urged its users to apply the fixes as soon as possible.

In a security notice, the networking giant first declared that it has corrected a “dereialization of Java byte flows supplied by the user” followed as CVE-2025-20124, and received a gravity score of 9, 9/10 (critic). By sending a personalized serialized java object to an assigned Cisco ISE API, an attacker could execute arbitrary orders and increase privileges.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top