Cisco Releases Critical Security Updates to Address Multiple Vulnerabilities In ISE, Webex & Other Products

Cisco has recently released security updates with patches across several of its software products to address a series of vulnerabilities that could potentially impact the security and stability of network infrastructures and collaboration tools.

These updates target issues ranging from denial-of-service (DoS) attacks and privilege escalation to cross-site scripting and command injection. The most urgent updates that should be applied as soon as possible address two high-severity vulnerabilities:

  • A high-severity DoS vulnerability (CVE-2025-20152) in Cisco Identity Services Engine (ISE), which, if exploited, could cause device reloads from custom RADIUS requests and disrupt network operations.
  • A severe privilege escalation flaw (tracked as CVE-2025-20113 & CVE-2025-20114) in the Cisco Unified Intelligence Center, which could allow regular users to escalate to root-level administrator privileges.

In addition to these two issues, Cisco has patched several medium-severity vulnerabilities in other products. These include cross-site scripting (XSS) flaws in Cisco Webex services, which could allow an attacker who persuades a user to follow a malicious link to execute harmful scripts in that user's browser. Webex Meetings also had a cache poisoning vulnerability, in which malicious HTTP requests could manipulate cached responses, potentially causing users to receive incorrect or malicious data during meetings. In the Duo Self-Service Portal, Cisco resolved a command injection vulnerability that, if exploited, allowed an unauthenticated attacker to inject malicious commands into emails sent by the service, potentially leading to email-based attacks or system compromise.

Affected cloud software applications include:

  • Cisco Identity Services Engine (ISE)
  • Cisco Unified Intelligence Center
  • Cisco Webex Services
  • Cisco Webex Meetings
  • Cisco Secure Network Analytics Manager
  • Cisco Duo Self-Service Portal
  • Cisco Unified Communications Products
  • Cisco Unified Contact Center Enterprise Cloud Connect

For a full list of vulnerabilities and detailed remediation steps, visit Cisco’s official security advisories page.
