The tech giant says it is ‘aware of attempted exploitation’ of vulnerabilities with a maximum severity score that impact its Identity Services Engine platform.
Cisco Systems disclosed that it is “aware of attempted exploitation” of vulnerabilities with a maximum severity score that impact its Identity Services Engine platform.
The tech giant provided the details in an update Monday to a previously released advisory about the vulnerabilities (tracked at CVE-2025-20281, CVE-2025-20337 and CVE-2025-20282).
[Related: This Is ‘Just The Beginning’ Of Threats From Microsoft SharePoint Flaw: Researchers]
The vulnerabilities can enable unauthenticated remote code execution and have been awarded a maximum severity score of 10.0 out of 10.0.
Cisco updated its advisory to “indicate active exploitation attempts in the wild,” observed by its Product Security Incident Response Team (PSIRT).
“In July 2025, the Cisco PSIRT became aware of attempted exploitation of some of these vulnerabilities in the wild,” Cisco said in the advisory update.
The update stops short of confirming that compromises have already occurred using the vulnerability but suggests that successful exploitation is likely and that patching should take priority as a result.
“Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate these vulnerabilities,” the company said in the advisory, which had originally been released June 25.
CRN has reached out to Cisco for further comment.
