Cisco: Attackers Targeting Identity Services Engine Customers With Maximum-Severity Flaw

The tech giant says it is ‘aware of attempted exploitation’ of vulnerabilities with a maximum severity score that impact its Identity Services Engine platform.

Cisco Systems disclosed that it is “aware of attempted exploitation” of vulnerabilities with a maximum severity score that impact its Identity Services Engine platform.

The tech giant provided the details in an update Monday to a previously released advisory about the vulnerabilities (tracked at CVE-2025-20281, CVE-2025-20337 and CVE-2025-20282).

[Related: This Is ‘Just The Beginning’ Of Threats From Microsoft SharePoint Flaw: Researchers]

The vulnerabilities can enable unauthenticated remote code execution and have been awarded a maximum severity score of 10.0 out of 10.0.

Cisco updated its advisory to “indicate active exploitation attempts in the wild,” observed by its Product Security Incident Response Team (PSIRT).

“In July 2025, the Cisco PSIRT became aware of attempted exploitation of some of these vulnerabilities in the wild,” Cisco said in the advisory update.

The update stops short of confirming that compromises have already occurred using the vulnerability but suggests that successful exploitation is likely and that patching should take priority as a result.

“Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate these vulnerabilities,” Cisco said in the advisory update.

The advisory, which had originally been released June 25, was updated after Cisco PSIRT was “made aware of reported attempted exploitation of CVE-2025-20281 and CVE-2025-20337, critical vulnerabilities which impact specific versions of Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) software,” Cisco said in a statement provided to CRN Tuesday.

“Based on these reports, we updated our security advisory to reflect the attempted exploitation,” the company said in the statement. “At this time, we are not aware of any attempted exploitation or malicious use of CVE-2025-20282, and we continue to strongly recommend that customers upgrade to fixed software releases that remediate these vulnerabilities.”