4 min read
By: RedLegg's Cyber Threat Intelligence Team
About:
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES
Cisco ISE Unauthenticated Remote Code Execution via API Injection
CVSS Score: 10.0 (Critical)
Identifier: CVE-2025-20337
Exploit or POC: No
Update: CVE-2025-20337 – Cisco Security Advisory
Description: CVE-2025-20337 is a critical vulnerability in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) versions 3.3 and 3.4. The flaw arises from insufficient validation of user-supplied input in an internal API, allowing an unauthenticated, remote attacker to submit crafted requests that result in arbitrary command execution as the root user. Exploitation requires no authentication and can lead to full system compromise.
Affected versions include:
- Cisco ISE 3.3 (prior to Patch 7)
- Cisco ISE 3.4 (prior to Patch 2)
Although no confirmed exploitation has been seen in the wild, the vulnerability is highly critical and could be rapidly leveraged by attackers due to its ease of exploitation and impact.
Mitigation Recommendation: Upgrade immediately to Cisco ISE 3.3 Patch 7 or 3.4 Patch 2 (or later). Restrict access to management interfaces until patched, monitor for unusual activity, and validate system integrity post-upgrade. Patching remains the only effective mitigation strategy.
