- 159/2025
- Critical
Cisco has released security updates to fix several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the attacker to perform server-side request forgery attacks, bypass security restrictions, obtain sensitive information, execute arbitrary code, and gain access to the affected systems.
Sample of addressed vulnerabilities:
1. Cisco ISE API Unauthenticated Remote Code Execution Vulnerability (CVE- 2025-20337):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerability (CVE-2025-20283):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Bypass Security
Sample of the affected products:
- Cisco Unified Intelligence Center.
- Cisco Identity Services.
- Cisco Prime Infrastructure.
- Cisco Evolved Programmable Network Manager.
Vulnerabilities
- CVE-2025-20288
- CVE-2025-20283
- CVE-2025-20285
- CVE-2025-20272
- CVE-2025-20281
- CVE-2025-20282
- CVE-2025-20284
- CVE-2025-20274
- CVE-2025-20337
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.