Cisco has launched enhancements to mitigate two severe security vulnerabilities in the Identity Services Engine (ISE) that may enable distant attackers to run arbitrary commands and escalate privileges on vulnerable devices.
The weaknesses are detailed as follows –

CVE-2025-20124 (CVSS score: 9.9) – A flawed Java deserialization issue in an API of Cisco ISE that might allow an authenticated, remote