A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices.
The security issue received the maximum severity rating, 10 out of 10, and is caused by insufficient user-supplied input validation checks.
It was discovered by Kentaro Kawane, a researcher at the Japanese cybersecurity service GMO Cybersecurity by Ierae, and reported Trend Micro's Zero Day Initiative (ZDI).
A remote unauthenticated attacker could leverage it by submitting a specially crafted API request
The vulnerability was added via an update to the security bulletin for CVE-2025-20281 and CVE-2025-20282, two similar RCE vulnerabilities that also received the maximum severity score, that impact ISE and ISE-PIC versions 3.4 and 3.3.
"These vulnerabilities affect Cisco ISE and ISE-PIC releases 3.3 and 3.4, regardless of device configuration," the vendor notes for CVE-2025-20281 and CVE-2025-20337, adding that "these vulnerabilities do not affect Cisco ISE and ISE-PIC Release 3.2 or earlier."
Any of the three security issues can be exploited independently.
Cisco also warns that customers who applied the patches for CVE-2025-20281 and CVE-2025-20282 are not covered from CVE-2025-20337, and need to upgrade to ISE 3.3 Patch 7 or ISE 3.4 Patch 2.
The product versions below are the only ones currently confirmed to address all three maximum severity vulnerabilities. Workarounds or other mitigations are not available.
Although no exploitation of any of the three vulnerabilities has been observed in the wild as of yet, it is recommended that system administrators take immediate action to mitigate the risks.
... continue reading