
Unauthenticated Remote Code Execution in Cisco ISE (CVE-2025-20337)

Overview

  • CVE: CVE-2025-20337

  • Severity: CRITICAL

  • Score: 10.0

  • Date: 17 July 2025

Cisco has disclosed a critical unauthenticated remote code execution (RCE) vulnerability in Identity Services Engine (ISE) and ISE-PIC. The flaw allows a remote attacker to execute arbitrary commands as the root user without any credentials. Exploitation occurs via crafted API requests and affects core identity infrastructure.


Affected Versions

  • Cisco ISE 3.3 before Patch 7, and all earlier releases

  • Cisco ISE 3.4 before Patch 2

  • ISE-PIC equivalent builds


Vulnerability Breakdown

CVE-2025-20337

Description: Insufficient input validation in ISE APIs.

Score: CVSS 10.0

Impact: Complete remote system takeover as root, unauthenticated.

Risk: Immediate risk to enterprise network access and identity services.


Mitigation

Upgrade immediately to:

  • Cisco ISE 3.4 Patch 2 or later

  • Cisco ISE 3.3 Patch 7 + hotfix

No workarounds exist. Ensure management interfaces are not exposed to untrusted networks.
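To turn the affected and fixed versions above into an inventory check, here is an added triage helper (example code, not Cisco's or the advisory author's). It assumes a constructed inventory format of "<major>.<minor> Patch <n>" and treats 3.3 Patch 7 as fixed only when the hotfix is confirmed, since the advisory lists Patch 7 together with the hotfix.

```python
import re

# Assumed inventory format (constructed for this example): "3.3 Patch 5" or just "3.3".
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch); a missing patch level counts as 0."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch) if patch else 0


def cve_2025_20337_status(version_text, hotfix=False):
    """Classify a release against the advisory's affected and fixed lists.

    Returns 'affected', 'needs-hotfix', 'fixed' or 'not-listed'.
    """
    major, minor, patch = parse_version(version_text)
    release = (major, minor)
    if release < (3, 3):
        return "affected"                      # "3.3 and earlier"
    if release == (3, 3):
        if patch < 7:
            return "affected"                  # 3.3 before Patch 7
        # Conservative assumption: Patch 7 (or later) is safe only with the hotfix.
        return "fixed" if hotfix else "needs-hotfix"
    if release == (3, 4):
        return "affected" if patch < 2 else "fixed"
    return "not-listed"                        # release not named in the advisory


def triage(inventory):
    """inventory: iterable of (hostname, version, hotfix_applied) -> {hostname: status}."""
    return {host: cve_2025_20337_status(ver, hotfix) for host, ver, hotfix in inventory}


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = [
    ("ise-pan-01", "3.3 Patch 4", False),
    ("ise-pan-02", "3.3 Patch 7", False),
    ("ise-psn-01", "3.4 Patch 1", False),
    ("ise-psn-02", "3.4 Patch 2", False),
    ("ise-lab", "3.2", False),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```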


Summary for IT Teams

Products: Cisco ISE, ISE-PIC

Threat Level: Critical

Action:

  • Patch to safe versions immediately

  • Audit firewall rules to restrict API and admin access

  • Monitor for unusual authentication or API traffic



Australia is secure when
Australian talent defends it.

Reach out today to discuss how with Lumara, we can work together to protect your business from the always changing Australian threat landscape.
