Cisco’s ISE bugs could allow root-level command execution | CSO Online

Cisco is warning enterprise admins of two critical flaws in its Identity Services Engine (ISE) that could allow attackers to escalate privileges and run arbitrary commands on affected systems. The flaws, CVE-2025-20124 and CVE-2025-20125, impact all versions of ISE and ISE-PIC appliances before v3.4. Cisco recommends updating to the latest version or contacting Cisco TAC for fixes.