Jason Soroko, senior fellow at Sectigo, is more worried about the blast radius of a potential exploit. “ISE sits at the very edge of trust for many campus networks, and a breach can rewrite access policies, move endpoints between VLANs, and open pivots into every segment,” he said. “The vulnerable API is often reachable from broad internal address ranges, sometimes even guest Wi-Fi, and ISE patching requires disruptive maintenance windows.”
Active targeting feels likely because the flaws (CVE-2025-20281) already attracted public proof-of-concept exploits and scan traffic within days, Soroko added.
For additional protection, Barr recommends using specialized API security solutions that can detect and block anomalous API activity in real time, provide endpoint-risk scoring, and stop automated scanning and payload delivery.
