Cisco disclosed a critical security vulnerability, CVE-2025-20337, affecting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). The flaw lets an unauthenticated, remote attacker execute arbitrary code as root on the underlying operating system, because a specific API does not sufficiently validate user-supplied input. The vulnerability carries a CVSS base score of 10.0, the maximum possible, and fixed software is available for the 3.3 and 3.4 release trains of ISE and ISE-PIC. Cisco reported no known malicious exploitation at the time of disclosure, but because the flaw needs no credentials and yields root, administrators should apply the fixed releases without waiting for evidence of attacks.
Multiple vulnerabilities in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit these vulnerabilities.
These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
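The advisory names the bug class (insufficient validation of user-supplied input reaching an API that runs with root privileges) but, correctly, publishes no details of the affected endpoint or payload. The following is an added, generic illustration of that class and is not Cisco's code or the actual ISE bug: a hypothetical JSON API handler that pastes a field into a shell command, beside a hardened version that validates the field against a strict allowlist and never invokes a shell. The request body, field name and command are all constructed for the example.

```python
import re
import subprocess

# Constructed request bodies for the example; not an ISE API schema.
BENIGN_REQUEST = {"hostname": "lab01.example.com"}
CRAFTED_REQUEST = {"hostname": "lab01; echo pwned"}   # shell metacharacters smuggled in


def vulnerable_lookup(request: dict) -> str:
    """Insufficient validation: the user-controlled field is concatenated into a
    shell command line, so ';', '$(...)', '|' etc. become new commands.  When the
    service itself runs as root, this is root command execution."""
    cmd = "echo resolving " + request["hostname"]
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Allowlist for what the field is supposed to contain: an RFC 1123 hostname.
# Anything else (including whitespace, ';', '$', '`', '|') is rejected outright.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def validate_hostname(value) -> str:
    """Positive validation: accept only strings that fully match the allowlist.
    Raising, rather than stripping or escaping, keeps the failure explicit."""
    if not isinstance(value, str) or not HOSTNAME_RE.fullmatch(value):
        raise ValueError("invalid hostname")
    return value


def hardened_lookup(request: dict) -> str:
    """Validated input, passed as a single argv element with no shell involved:
    even if validation had a gap, the value can never be parsed as a command."""
    hostname = validate_hostname(request.get("hostname"))
    return subprocess.run(
        ["echo", "resolving", hostname], shell=False, capture_output=True, text=True
    ).stdout


def is_rejected(request: dict) -> bool:
    """Helper for demonstrating which requests the hardened handler refuses."""
    try:
        hardened_lookup(request)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", repr(vulnerable_lookup(CRAFTED_REQUEST)))   # second command ran
    print("hardened benign:", repr(hardened_lookup(BENIGN_REQUEST)))
    print("hardened crafted rejected:", is_rejected(CRAFTED_REQUEST))
```

Two properties matter here and both are independent of the particular API: validation is an allowlist of what the field may contain rather than a denylist of known-bad characters, and the validated value is handed to the operating system as an argument vector rather than a command string, so the shell never gets a chance to reinterpret it. Running the service as an unprivileged account would limit the blast radius further, which is exactly what makes a root-context API flaw a CVSS 10.0 rather than a lesser finding.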