Remote Code Execution Vulnerability in Cisco Identity Services Engine
CVE-2025-20337
Key Information:
- Vendor: Cisco
- CVE Published: 16 July 2025
What is CVE-2025-20337?
CVE-2025-20337 is a critical vulnerability in Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). Cisco ISE is the network access policy platform that many organizations use for identity-based access control of users and devices. The flaw lies in a specific API of the product: because that API does not sufficiently validate user-supplied input, an unauthenticated remote attacker who can reach it can send crafted input and execute arbitrary code on the underlying operating system as root. No valid credentials are required. Since ISE sits at the centre of an organization's access-control decisions, root on an ISE node is a severe risk for anyone who depends on the product for secure access management.
Potential impact of CVE-2025-20337
- Unauthorized Access and Control: Arbitrary code execution as root gives an attacker complete control of the affected system. From there they can alter network access policies, read or exfiltrate data, and undermine the integrity of the network ISE is meant to protect.
- Widespread System Vulnerability: Cisco ISE is widely deployed in enterprise environments for identity and access management, so the exposure spans many networks. A compromised ISE node is also a natural pivot point to other devices, escalating the scale of a breach.
- Operational Disruption: Successful exploitation can cause significant operational disruption. Attackers may deploy payloads that change configurations, take services down, or deploy ransomware, leading to costly downtime and recovery.
CISA has reported CVE-2025-20337
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-20337 as being exploited in the wild; it is not currently known to CISA to be used in ransomware campaigns. That assessment can change quickly.
CISA's recommendation is: apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Cisco Identity Services Engine Software 3.3.0
Cisco Identity Services Engine Software 3.3 Patch 2
Cisco Identity Services Engine Software 3.3 Patch 1
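An inventory sweep is the first thing a practitioner wants once an affected-version list is published. The script below is an added example, not code from this page or from Cisco: it normalizes Cisco ISE version strings of the forms shown above ("3.3.0", "3.3 Patch 2", with or without the "Cisco Identity Services Engine Software" prefix) and flags exactly the versions this page lists as affected. Every other version is reported as "not-listed" rather than "fixed", because this page gives no fixed version. The CSV inventory, the hostnames, and the treatment of "3.3.0" as base 3.3 with patch number 0 are assumptions made for the example.

```python
import csv
import io
import re
from typing import Dict, NamedTuple, Optional


class IseVersion(NamedTuple):
    major: int
    minor: int
    patch: int  # 0 means the base release (assumption: "3.3.0" == "3.3", patch 0)


# The affected versions exactly as listed on this page, and nothing more.
AFFECTED_ON_PAGE = {
    IseVersion(3, 3, 0),  # Cisco Identity Services Engine Software 3.3.0
    IseVersion(3, 3, 1),  # Cisco Identity Services Engine Software 3.3 Patch 1
    IseVersion(3, 3, 2),  # Cisco Identity Services Engine Software 3.3 Patch 2
}

# Accepts "3.3", "3.3.0", "3.3 Patch 2", "3.3p2", optionally prefixed with the
# product name used on this page.
_VERSION_RE = re.compile(
    r"^\s*(?:Cisco\s+Identity\s+Services\s+Engine\s+Software\s+)?"
    r"(\d+)\.(\d+)(?:\.(\d+))?"
    r"(?:\s*(?:patch|p)\s*(\d+))?\s*$",
    re.IGNORECASE,
)


def parse_ise_version(text: str) -> Optional[IseVersion]:
    """Normalize a version string to (major, minor, patch); None if unparseable."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, third, patch = m.groups()
    if patch is not None:
        patch_no = int(patch)
    elif third is not None:
        patch_no = int(third)  # assumption: a trailing ".N" is patch level N
    else:
        patch_no = 0
    return IseVersion(int(major), int(minor), patch_no)


def classify(text: str) -> str:
    """'affected' if the page lists it, 'not-listed' otherwise, 'unparseable' if unreadable."""
    version = parse_ise_version(text)
    if version is None:
        return "unparseable"
    return "affected" if version in AFFECTED_ON_PAGE else "not-listed"


# Constructed sample inventory (hostnames and versions are made up for the example).
CONSTRUCTED_INVENTORY = """hostname,version
ise-pan-01,Cisco Identity Services Engine Software 3.3 Patch 2
ise-psn-02,3.3.0
ise-psn-03,3.3 Patch 1
ise-lab-04,3.4 Patch 1
ise-old-05,2.7 Patch 9
ise-bad-06,unknown
"""


def sweep(csv_text: str) -> Dict[str, str]:
    """Classify every host in a 'hostname,version' CSV."""
    results: Dict[str, str] = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        results[row["hostname"]] = classify(row["version"])
    return results


if __name__ == "__main__":
    for host, status in sweep(CONSTRUCTED_INVENTORY).items():
        print(f"{host:<12} {status}")
```

Hosts reported as "not-listed" still need checking against the vendor advisory: this page's list is the only ground truth the script encodes, and a version missing from it is not evidence that it is fixed.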
News Articles
CISA Adds Three Known Exploited Vulnerabilities to Catalog | CISA
CISA has added three new vulnerabilities to its KEV Catalog, based on evidence of active exploitation
1 week ago
U.S. CISA adds Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco ISE and PaperCut flaws to its Known Exploited Vulnerabilities catalog.
1 week ago
Cisco confirms active exploitation of ISE and ISE-PIC flaws
Cisco warns of active exploits targeting Identity Services Engine (ISE) and ISE-PIC flaws, first observed in July 2025.
2 weeks ago
Timeline
- 🦅 CISA Reported
- 📰 First article discovered by The Hacker News
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability reserved