Particle.news

Proof-of-Concept Exploit Revealed for Critical Cisco ISE Vulnerabilities as CISA Sets August 18 Patch Deadline

The exploit’s release follows Cisco’s confirmation of active in-the-wild attacks, with federal agencies required to remediate by August 18.

Overview

  • Researcher Bobby Gould published a complete exploit chain on July 28 demonstrating an unauthenticated root takeover via unsafe deserialization and command injection in Cisco ISE’s enableStrongSwanTunnel method.
  • The critical vulnerabilities CVE-2025-20281 and CVE-2025-20337 impact Cisco Identity Services Engine and its Passive Identity Connector versions 3.3 and 3.4 and carry maximum CVSS scores.
  • Cisco issued hotfixes in early July, advising updates to ISE 3.3 Patch 7 and 3.4 Patch 2, and confirmed active exploitation of both flaws on July 22.
  • CISA added the Cisco ISE vulnerabilities to its Known Exploited Vulnerabilities catalog on July 28 and mandated federal remediation by August 18 under Binding Operational Directive 22-01.
  • With no workarounds available and detailed exploit information now public, organizations face heightened risk and are urged to apply Cisco’s patches immediately.