Cisco Identity Services Engine (ISE) is vulnerable to two critical security flaws tracked as CVE-2025-20124 & CVE-2025-20125. Successful exploitation of the vulnerabilities may allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device. An attacker must have valid read-only administrative credentials to successfully exploit the vulnerabilities.
