Cisco has released patches for two critical-severity vulnerabilities plaguing its Identity Services Engine (ISE) solution.

A threat actor could send a malicious HTTP request to the API on the machine to trigger it.

This bug is tracked as CVE-2025-20125, and was given a severity score of 9.1/10 (critical).

Authentication required

While these flaws sound dangerous, they're not that easy to exploit.

Indeed, that means pulling the attack off is a lot more difficult, but still not impossible.

As The Register properly noted, cybercriminals can phish for login credentials, or simply buy them off the black market.

Rogue insiders can also abuse these holes, of course, the publication said.

The good news is that there is still no evidence of abuse in the wild.