Cisco’s ISE bugs could allow root-level command execution

Cisco is warning enterprise admins of two critical flaws within its identity and management (IAM) solution, Identity Services Engine (ISE), that could allow attackers to obtain unauthorized privileges and run arbitrary commands on affected systems.

Tracked as CVE-2025-20124 and CVE-2025-20125, the flaws have received a critical severity rating of CVSS 9.9 and 9.1 out of 10, respectively.