← Back to CVEs
CVE-2025-20337
CRITICALCISA KEV10.0
Description
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
CVE Details
CVSS v3.1 Score10.0
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published7/16/2025
Last Modified10/28/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorCisco
ProductIdentity Services Engine
Vulnerability NameCisco Identity Services Engine Injection Vulnerability
KEV Date Added2025-07-28
Remediation Due Date2025-08-18
Ransomware UseUnknown
Affected Products
cisco:identity_services_enginecisco:identity_services_engine_passive_identity_connector
Weaknesses (CWE)
CWE-74
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6(psirt@cisco.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20337(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.