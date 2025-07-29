Observed intrusions exploiting a pair of maximum severity injection flaws impacting Cisco's Identity Services Engine, tracked as CVE-2025-20281 and CVE-2025-20337, and another cross-site request forgery bug affecting PaperCut NG/MF, tracked as CVE-2025-2533, have prompted their inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, reports Security Affairs.
All federal agencies have been ordered to address the security defects by August 18. While CVE-2025-20281 could be exploited to facilitate remote code execution through a vulnerable API, attackers could leverage CVE-2025-20337 to enable arbitrary code execution with root privileges, according to Cisco. "Multiple vulnerabilities in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user," said Cisco. On the other hand, intrusions involving the PaperCut NG/MF vulnerabilty could allow security setting modifications, arbitrary code execution, and session takeovers.
