Posts for: #Cisco ISE Passive Identity Connector

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

🚨 SEVERITY: MEDIUM — CVSS 5.4 Security Advisory

TL;DR 📌

Multiple stored cross-site scripting (XSS) vulnerabilities have been identified in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). These vulnerabilities could allow authenticated attackers to modify configurations or execute malicious scripts. Software updates are available to address these issues, but no workarounds exist.

What happened 🕵️‍♂️

Cisco has disclosed multiple vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). These vulnerabilities could allow an authenticated, remote attacker to conduct stored XSS attacks or modify device configurations. The vulnerabilities stem from insufficient validation of user input and lack of server-side validation of administrator permissions.

Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities

🚨 SEVERITY: CRITICAL — CVSS 10.0 Security Advisory

TL;DR 📌

  • Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds…
  • No fixed release listed yet; apply mitigations and monitor.
  • Workarounds are documented in the advisory.
  • CVEs: CVE-2025-20282, CVE-2025-20281, CVE-2025-20337.

What happened 🕵️‍♂️

The vulnerabilities are not dependent on one another. Exploitation of one of the vulnerabilities is not required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities.
