Cisco patches critical security issues, so update now
Posted by:
Emma Walker
Cisco has released patches to address two critical vulnerabilities in its Identity Services Engine (ISE) software. The vulnerabilities could potentially lead to remote code execution and unauthorized access to sensitive data. The first flaw, CVE-2025-20124, involves a vulnerability in the deserialization of user-supplied Java byte streams, allowing attackers to execute arbitrary commands. The second flaw, CVE-2025-20125, is an authentication bypass bug that could be exploited by sending a malicious HTTP request to the affected API. Although the vulnerabilities require authentication to exploit, they pose serious security risks. To mitigate these risks, Cisco users are advised to apply the patches promptly and update their software to version 3.4. Cisco has taken proactive measures to address these issues, and there have been no reported incidents of exploitation in the wild.
Recent Posts1
