Week 26 – What if the zero-trust provider can’t be trusted?

23 – 29 June 2025

The blast radius of a compromised security solution is by definition enormous, and the Cisco ISE API vulnerabilities featured in this post from our CVE of the Week series are a textbook case.

Cisco’s ISE (Identity Services Engine) is the Network Access Control (NAC) solution of the San Jose-based networking giant. Among its many features, it gives visibility into the devices connecting to the network and enforces access policies, acting as the central policy decision point on which a zero-trust architecture relies.

Both weaknesses, tracked as CVE-2025-20281 and CVE-2025-20282 and each rated CVSS 10.0, allow an unauthenticated remote attacker to execute arbitrary commands as root on ISE servers, meaning you can now place 𝘻𝘦𝘳𝘰 𝘵𝘳𝘶𝘴𝘵 in your zero-trust provider. Ironic, isn’t it?

Getting a bit more technical: the first vulnerability stems from insufficient validation of user-supplied input in a specific API, a common mistake that rarely ends well. Here it ends with the threat actor executing arbitrary OS commands as root simply by sending a crafted API request to the ISE server. The second starts as an arbitrary file upload: an internal API lacks the path validation that would keep uploaded files out of privileged directories, so an attacker can drop a file of their choosing into a critical system location and have it executed as root, another root RCE vector.
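To make the two weakness classes concrete, here is an added illustration written for this post; it is not Cisco's code (ISE internals are not public) and nothing in it is taken from the advisory. It models a toy API back end in Python with each handler in its vulnerable and its hardened form: a "ping" diagnostic action that builds a command from a request parameter, and an upload endpoint that stores a client-named file. The action name, the upload directory and the sample file names are assumptions standing in for "an API that takes user-supplied input".

```python
"""Vulnerable-beside-hardened illustration of the two weakness classes
behind CVE-2025-20281 (OS command execution via unvalidated API input)
and CVE-2025-20282 (arbitrary file upload via missing path validation).

Assumptions, not taken from Cisco's advisory or ISE source: the 'ping'
diagnostic action, the UPLOAD_DIR path and all sample inputs are invented
stand-ins for an API endpoint that consumes user-supplied input.
"""
import posixpath
import re

# Where the hypothetical API stores uploaded files (assumed path).
UPLOAD_DIR = "/var/lib/uploads"

# Allow-lists: the only shapes of input the hardened handlers accept.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)
FILENAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


# --- Weakness 1: insufficient input validation -> command execution -------

def build_ping_command_vulnerable(target: str) -> str:
    """Concatenates the request parameter into a shell command string.
    With target='8.8.8.8; id' the shell runs two commands, the second one
    attacker-chosen; if the API process runs as root, so does that command."""
    return f"ping -c 1 {target}"


def build_ping_command_hardened(target: str) -> list[str]:
    """Validates the parameter against a hostname allow-list and returns an
    argv vector. No shell is involved, so metacharacters are never
    interpreted, and anything outside the grammar is rejected before use."""
    if not HOSTNAME_RE.fullmatch(target):
        raise ValueError(f"rejected target: {target!r}")
    return ["ping", "-c", "1", target]


# --- Weakness 2: inadequate path validation -> file in privileged dir -----

def upload_path_vulnerable(filename: str) -> str:
    """Joins the client-supplied name straight onto the upload directory.
    '../' segments walk out of UPLOAD_DIR, so the attacker chooses where the
    file lands, e.g. a directory whose contents get executed as root."""
    return posixpath.normpath(posixpath.join(UPLOAD_DIR, filename))


def upload_path_hardened(filename: str) -> str:
    """Accepts exactly one plain path component and proves, after
    normalisation, that the result is still inside UPLOAD_DIR."""
    if "\x00" in filename or "/" in filename or "\\" in filename:
        raise ValueError("path separators and NUL bytes are not allowed")
    if not FILENAME_RE.fullmatch(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    candidate = posixpath.normpath(posixpath.join(UPLOAD_DIR, filename))
    # Defence in depth: if the regex were ever loosened, a file that would
    # resolve outside the upload directory is still refused here.
    if posixpath.commonpath([UPLOAD_DIR, candidate]) != UPLOAD_DIR:
        raise ValueError("resolved path escapes the upload directory")
    return candidate


def _accepts(handler, value) -> bool:
    """True if the handler processes the value, False if it rejects it."""
    try:
        handler(value)
        return True
    except ValueError:
        return False


def demo() -> dict[str, bool]:
    """Feeds attacker-style inputs (constructed here) to both versions of
    each handler and records whether each version let the input through.
    Nothing is executed or written; only the built command/path is inspected."""
    injected_target = "8.8.8.8; id"
    traversal_name = "../../../opt/scripts/x.sh"
    return {
        "cmd_vulnerable_accepts": "; id" in build_ping_command_vulnerable(injected_target),
        "cmd_hardened_accepts": _accepts(build_ping_command_hardened, injected_target),
        "upload_vulnerable_escapes": not upload_path_vulnerable(traversal_name).startswith(UPLOAD_DIR + "/"),
        "upload_hardened_accepts": _accepts(upload_path_hardened, traversal_name),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The two fixes share one principle: decide what input is allowed before it touches the OS, and never hand user input to a component (a shell, a filesystem path) that gives it a second meaning. The argv form removes the shell as an interpreter entirely, and the commonpath check is the last line of defence should the filename allow-list be relaxed later.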

According to Cisco, there is no workaround, and at the time of writing no public exploit or indicators of compromise had been published. Patches are available, however: per the advisory, CVE-2025-20281 affects ISE and ISE-PIC releases 3.3 and 3.4, CVE-2025-20282 affects release 3.4 only, and the first fixed releases are 3.3 Patch 6 and 3.4 Patch 2 (release 3.2 and earlier are not affected). If you run ISE, check your release with 'show version' from the admin CLI and apply the fix as soon as possible; since both flaws are reachable without authentication, also keep the admin and API interfaces confined to trusted management networks while you patch.

You can find the official advisory by Cisco here: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6


White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and a proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect its deep expertise and commitment to excellence in cybersecurity. The company was awarded Microsoft’s Partner of the Year Hungary Award in 2024.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.