Cisco Alerts Users to Critical ISE Vulnerability Allowing Unauthenticated Root Access
On July 17, 2025, Cisco revealed a critical security flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could enable attackers to execute arbitrary code on the operating system with elevated privileges. Labeled CVE-2025-20337, this vulnerability has a CVSS score of 10.0 and is akin to CVE-2025-20281, which was resolved by Cisco last month.
According to Cisco’s advisory, “Multiple vulnerabilities in a specific API of Cisco ISE and ISE-PIC could permit an unauthenticated, remote attacker to execute arbitrary code as root without requiring any valid credentials.” The vulnerabilities stem from inadequate validation of user-supplied input, allowing an attacker to exploit them through specially crafted API requests. A successful exploit could result in extensive control over the affected systems.
Cisco Issues Urgent Alert on High-Severity Vulnerability in ISE Software July 17, 2025 Vulnerability / Network Security Cisco has recently unveiled a serious security vulnerability affecting its Identity Services Engine (ISE) and the Cisco ISE Passive Identity Connector (ISE-PIC). Officially…