Cisco has announced that three critical remote code execution vulnerabilities in its Identity Services Engine (ISE) are being actively exploited, requiring urgent updates from users. The flaws, which allow attackers to execute commands and upload malicious files without authentication, have been assigned a maximum severity rating and must be addressed through specific software patches. Users of ISE 3.3 and 3.4 are advised to upgrade immediately to mitigate risks.

Cisco has issued security updates for a critical zero-day vulnerability (CVE-2025-20352) in its IOS and IOS XE Software, which is actively being exploited. The flaw allows remote attackers to execute code on vulnerable systems or cause denial-of-service conditions, prompting Cisco to recommend immediate upgrades to secure software versions.