A critical vulnerability was found in Cisco Identity Services Engine (ISE) and Cisco ISE-PIC. Tracked as CVE-2025-20337, the flaw is rated a maximum CVSS score of 10, highlighting its severity and potential impact.
According to Cisco’s advisory, this vulnerability arises from “insufficient validation of user-supplied input” in a specific API. This means that an unauthenticated, remote attacker can execute arbitrary code on the underlying operating system with root privileges—without needing any credentials.
This flaw “could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root,” Cisco warns.
The vulnerability affects:
- Cisco ISE 3.3 (fixed in Patch 7)
- Cisco ISE 3.4 (fixed in Patch 2)
This vulnerability does not impact Cisco ISE 3.2 or earlier versions, giving some relief to organizations still operating older systems. However, enterprises using more current iterations of ISE must patch immediately to avoid catastrophic consequences.
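Turning the affected-version list above into a fleet check, as an added example that is not Cisco's tooling or code from this article: the script encodes only what the page states (3.2 and earlier unaffected, 3.3 fixed in Patch 7, 3.4 fixed in Patch 2) and reports any newer release as "not covered" rather than guessing. The version-string formats it accepts and the sample inventory are constructed for the example; adapt the pattern to what your own inventory export emits.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Advisory data as stated on the page: (major, minor) -> patch level that fixes CVE-2025-20337.
FIXED_PATCH = {
    (3, 3): 7,
    (3, 4): 2,
}
# The page says 3.2 and earlier are not affected.
LAST_UNAFFECTED = (3, 2)


@dataclass(frozen=True)
class IseVersion:
    major: int
    minor: int
    patch: int  # 0 means no patch applied


# Assumed input formats for this example: "3.3", "3.3 Patch 5", "3.4p2", "3.3.0.430 Patch 7".
_VERSION_RE = re.compile(
    r"^\s*(?P<major>\d+)\.(?P<minor>\d+)(?:\.\d+)*\s*(?:(?:patch|p)\s*(?P<patch>\d+))?\s*$",
    re.IGNORECASE,
)


def parse_version(text: str) -> Optional[IseVersion]:
    """Parse an ISE version string; return None if it does not match the expected shapes."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    patch = int(m.group("patch")) if m.group("patch") else 0
    return IseVersion(int(m.group("major")), int(m.group("minor")), patch)


def assess(text: str) -> str:
    """Return 'unparseable', 'not affected', 'patched', 'vulnerable' or 'not covered'."""
    v = parse_version(text)
    if v is None:
        return "unparseable"
    release = (v.major, v.minor)
    if release <= LAST_UNAFFECTED:
        return "not affected"
    if release in FIXED_PATCH:
        return "patched" if v.patch >= FIXED_PATCH[release] else "vulnerable"
    # Releases newer than 3.4 are not mentioned on the page (assumption: report, do not guess).
    return "not covered"


def triage(inventory: dict) -> dict:
    """Map each host in an inventory {host: version_string} to its verdict."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory for demonstration; these are not real hosts.
    sample = {
        "ise-pan-01": "3.3 Patch 5",
        "ise-psn-02": "3.3.0.430 Patch 7",
        "ise-pic-01": "3.4",
        "ise-psn-03": "3.4p2",
        "ise-legacy": "3.2 Patch 4",
        "ise-newer": "3.5",
        "bad-entry": "n/a",
    }
    for host, verdict in sorted(triage(sample).items()):
        print(f"{host:12s} {sample[host]:20s} -> {verdict}")
```

Hosts reported as "vulnerable" are the ones to schedule for the patch levels named above; "unparseable" entries should be checked by hand rather than silently skipped, since a malformed inventory row is exactly where an unpatched node hides.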
The vulnerability allows a bad actor to gain complete control over an affected system. By crafting a malicious API request, attackers could inject commands directly into the underlying OS and gain root access—bypassing all authentication controls entirely.
“An attacker could exploit these vulnerabilities by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device,” the advisory explains.
This type of exploit could be used to pivot deeper into internal networks, install malware, siphon off credentials, or disable access controls.
Cisco’s Product Security Incident Response Team (PSIRT) has issued patches for supported versions. While there is no indication of in-the-wild exploitation as of now, the severity of this vulnerability demands immediate attention from system administrators.