CVE-2025-20281 - Geek Feed

Exploit available for critical Cisco ISE bug exploited in attacks

July 31, 2025July 31, 2025 geekfeed0Tagged Actively Exploited, cisco, Cisco ISE, Command Injection, CVE-2025-20281, exploit, poc, Proof of Concept, vulnerability

Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). The critical vulnerability was first disclosed on June 25, 2025, with Cisco warning that it impacts ISE and ISE-PIC versions 3.3 and 3.4, allowing unauthenticated, remote attackers to […]

2 mins read

Cisco: Maximum-severity ISE RCE flaws now exploited in attacks

July 24, 2025July 24, 2025 geekfeed0Tagged Actively Exploited, cisco, Cisco ISE, CVE-2025-20281, CVE-2025-20282, CVE-2025-20337, rce, Remote Code Execution, Security Advisory, vulnerability

Cisco is warning that three recently patched critical remote code execution vulnerabilities in Cisco Identity Services Engine (ISE) are now being actively exploited in attacks. Although the vendor did not specify how they were being exploited and whether they were successful, applying the security updates as soon as possible is now critical. “In July 2025, the […]

2 mins read

Cisco warns of max severity RCE flaws in Identity Services Engine

June 29, 2025June 29, 2025 geekfeed0Tagged Authentication Bypass, cisco, Cisco ISE, CVE-2025-20281, CVE-2025-20282, Remote Code Execution, vulnerability

Cisco has published a bulletin to warn about two critical, unauthenticated remote code execution (RCE) vulnerabilities affecting Cisco Identity Services Engine (ISE) and the Passive Identity Connector (ISE-PIC). The flaws, tracked under CVE-2025-20281 and CVE-2025-20282, are rated with max severity (CVSS score: 10.0). The first impacts ISE and ISE-PIC versions 3.4 and 3.3, while the second affects only […]

2 mins read