Remote Code Execution Vulnerability in Cisco Identity Services Engine
CVE-2025-20337

10CRITICAL

Key Information:

Vendor

Cisco
Status
Cisco Identity Services Engine Software
Cisco Ise Passive Identity Connector
Vendor
CVE Published:
16 July 2025

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2025-20337?

CVE-2025-20337 is a critical vulnerability found in the Cisco Identity Services Engine (ISE) and its associated Profile Identity Connector (ISE-PIC). Cisco ISE is a powerful network security policy management platform used for identity-based access control, enabling organizations to manage devices and users on their networks effectively. This vulnerability, identified in its specific API, allows unauthenticated remote attackers to execute arbitrary code on the underlying operating system. The flaw arises from insufficient validation of user-supplied inputs, meaning that an attacker can exploit this vulnerability without needing any valid credentials. This capability to gain root privileges on affected devices poses a severe risk to organizations that rely on Cisco ISE for secure access management.

Potential impact of CVE-2025-20337

  1. Unauthorized Access and Control: The ability for attackers to execute arbitrary code as root means they could gain complete control over the affected systems. This unauthorized access can lead to manipulation of network policies, data breaches, and overall compromise of the network’s integrity.

  2. Widespread System Vulnerability: Given that Cisco ISE is widely deployed in enterprise environments for identity and access management, the potential impact extends across numerous networks. If exploited, it could create a domino effect, allowing attackers to pivot to other devices within the network, thereby escalating the scale of the breach.

  3. Operational Disruption: Successful exploitation of this vulnerability could lead to significant operational disruptions. Attackers may deploy malicious payloads that can alter configurations, disrupt services, or even execute ransomware, potentially leading to costly downtime and recovery efforts for affected organizations.

Affected Version(s)

Cisco Identity Services Engine Software 3.3.0

Cisco Identity Services Engine Software 3.3 Patch 2

Cisco Identity Services Engine Software 3.3 Patch 1

News Articles

favicon imageThe Hacker News

Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code

Cisco's CVE-2025-20337 flaw exposes ISE to root access via API exploit. Affects releases 3.3 & 3.4.

6 hours ago

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • 📰

    First article discovered by The Hacker News

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-20337 : Remote Code Execution Vulnerability in Cisco Identity Services Engine