March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Fake Google Chrome Websites Spreading ValleyRAT Malware Through DLL Hijacking – Active IOCs
February 7, 2025Multiple Cisco Identity Services Engine Vulnerabilities
February 7, 2025Fake Google Chrome Websites Spreading ValleyRAT Malware Through DLL Hijacking – Active IOCs
February 7, 2025Multiple Cisco Identity Services Engine Vulnerabilities
February 7, 2025
Severity
High
Analysis Summary
Cisco has released security updates to patch two critical vulnerabilities in its Identity Services Engine (ISE), which could allow remote attackers to execute arbitrary commands and escalate privileges.
The first flaw, CVE-2025-20124 (CVSS 9.9), is an insecure Java deserialization vulnerability that enables an authenticated attacker to execute commands as the root user. The second flaw, CVE-2025-20125 (CVSS 9.1), is an authorization bypass issue that allows attackers with read-only credentials to access sensitive data, modify configurations, and restart nodes. Both vulnerabilities can be exploited via crafted Java objects or HTTP requests to an unspecified API endpoint.
Cisco has clarified that these vulnerabilities are independent and do not have any available workarounds. However, they have been addressed in the latest software updates. Users of ISE 3.0 must migrate to a fixed release, while patches are available for ISE 3.1 (P10), ISE 3.2 (P7), and ISE 3.3 (P4). The ISE 3.4 version is confirmed not to be vulnerable. These flaws were discovered and responsibly disclosed by Deloitte security researchers Dan Marin and Sebastian Radulea.
Cisco has not detected any active exploitation, users are strongly advised to update their systems immediately to prevent potential attacks. Given the severity of these vulnerabilities, organizations relying on Cisco ISE should prioritize applying the patches to mitigate the risks of privilege escalation and remote code execution.
Impact
- Security Bypass
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-20124
CVE-2025-20125
Remediation
- Upgrade to the latest Patched Version.
- Limit access to API endpoints to trusted users and networks.
- Regularly check system logs for unauthorized configuration changes or unusual API calls.
- Restrict user permissions to minimize the impact of potential exploits.
- Isolate critical infrastructure to reduce the attack surface.
- Regularly check Cisco’s security advisories for any new patches or mitigation steps.