Cisco, PaperCut Vulnerabilities: CISA Orders Federal Agencies to Patch by August 18
Cisco and PaperCut have discovered critical vulnerabilities in their Identity Services Engine (ISE) and PaperCut NG/MF software. The Cybersecurity and Infrastructure Security Agency (CISA) has added these flaws to its Known Exploited Vulnerabilities catalog and ordered federal agencies to fix them by August 18, 2025.
The vulnerabilities, CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337 in Cisco ISE/ISE-PIC, allow unauthenticated remote attackers to execute code as root. Additionally, a Cross-Site Request Forgery (CSRF) vulnerability, CVE-2023-2533, in PaperCut NG/MF could potentially let attackers alter security settings or run arbitrary code.
Companies using these systems are at risk. CISA warns that these vulnerabilities are actively exploited, posing urgent threats to businesses worldwide. Affected systems include Adminer, Adobe Commerce, databases, network operating systems, email gateways, and file transfer platforms.
CISA's order requires federal agencies to address these vulnerabilities by August 18, 2025. Companies using Cisco ISE, PaperCut NG/MF, and other affected systems should prioritize patching to mitigate these critical risks.
Read also:
- Bishkek: A Time-Capsule City of Soviet Statues and Architecture
- Mitsubishi Electric Acquires Nozomi Networks for $883M in Industrial Cybersecurity Boost
- Strengthening Defense against Multi-faceted menaces in the Age of Authority-driven Technology
- Industries Under Jeopardy Due to Multi-Accounting: Prevention Strategies Revealed in 2024
