- Cisco releases fixes for two flaws in its Identity Services Engine
- The flaws allowed remote code execution, exfiltration of sensitive data and more
- The first clean version of Identity Services Engine is 3.4
Cisco has published fixes for two critical-severity vulnerabilities affecting its Identity Services Engine (ISE) solution. Since the flaws can be abused to execute arbitrary commands and steal sensitive information, Cisco has urged its users to apply the fixes as soon as possible.
In a security advisory, the networking giant said it had first fixed a “deserialization of user-supplied Java byte streams” vulnerability, tracked as CVE-2025-20124 and given a severity score of 9.9/10 (critical). By sending a crafted serialized Java object to an affected Cisco ISE API, an attacker could execute arbitrary commands and elevate privileges.
The second flaw is an authentication bypass, which occurs because an API did not perform authorization checks or properly validate user-supplied data. A threat actor could send a malicious HTTP request to the API on the device to trigger it. This bug is tracked as CVE-2025-20125 and received a severity score of 9.1/10 (critical).
Authentication required
Although these flaws seem dangerous, they are not so easy to exploit. Cisco said that threat actors would still need to be authenticated, with a read-only administrative account.
In effect, this means that pulling off the attack is much more difficult, but not impossible. As The Register noted, cybercriminals can phish for login credentials or simply buy them on the black market.
“It should be noted that the NCC Group blamed last year’s push in ransomware attacks in part on compromised identification information, so it is not as if it was too difficult to obtain. The lampshadows can also abuse these holes, of course,” said the publication.
In any case, Cisco has already released the fixes, so patching should be carried out as soon as possible. Versions 3.0 – 3.3 are said to be vulnerable, so users should make sure they bring their software to version 3.4, at least. The good news is that there is still no evidence of abuse in the wild.
Via The Register