Cyber threat actors are exploiting previously disclosed vulnerabilities in Cisco Identity Service Engine (ISE) and Cisco ISE Passive Identity Connector. CVE-2025-20281 (CVSSv3 10/10) and CVE-2025-20337  (CVSSv3 10/10) were first disclosed in June, and reports of exploitation began around July 17. Exploiting the vulnerabilities could allow unauthenticated, remote threat actors to execute arbitrary code. A third vulnerability, CVE-2025-20282 (CVSSv3 10/10), was disclosed July 16, though there is no indication of exploitation at this time. Cisco advises customers to update as soon as possible after appropriate testing, as there are no workarounds.