Ref# ADV2025_208 | Date: Jul 17th 2025

---

Cisco has published a security advisory highlighting vulnerabilities in the following products on July 16th, 2025. It is recommended that you take the necessary precautions by ensuring your products are always updated. 

• Cisco Unified Intelligence Center – versions 12.5, 12.6 and 15 
• Cisco Unified CCX – versions prior to 12.5(1)SU3 
• Cisco Identity Services Engine (ISE) – versions prior to 3.2, versions 3.3 and 3.4 
• Cisco ISE Passive Identity Connector (ISE-PIC) – versions prior to 3.2, versions 3.3 and 3.4 
• Cisco Evolved Programmable Network Manager (EPNM) – versions prior to 7.1, versions 8.0 and 8.1 
• Cisco Prime Infrastructure – versions prior to 3.9 and version 3.10 

For more information on these updates, you can follow these URLs: 

• Cisco Unified Intelligence Center Arbitrary File Upload Vulnerability 
• Cisco Identity Services Engine Authenticated Remote Code Execution and Authorization Bypass Vulnerabilities 
• Cisco Prime Infrastructure and Evolved Programmable Network Manager Blind SQL Injection Vulnerability 
• Cisco Unified Intelligence Center Server-Side Request Forgery Vulnerability 

The Guyana National CIRT recommends that users and administrators review these updates and apply them where necessary.

PDF Download: Cisco Security Advisory

References 

• Cisco Security Advisories. (July 16th, 2025). Retrieved from Cisco. https://tools.cisco.com/security/center/publicationListing.x 
• Cisco Security Advisory. (July 16th, 2025). Retrieved from Canadian Centre for Cyber Security. https://www.cyber.gc.ca/en/alerts-advisories/cisco-security-advisory-av25-428