Cisco has issued an urgent security advisory for a critical vulnerability in its Identity Services Engine (ISE) that carries the maximum CVSS score of 10.0. The flaw, tracked as CVE-2025-20337, allows an unauthenticated remote attacker to execute arbitrary code on the underlying operating system and obtain root privileges. It stems from insufficient validation of user-supplied input in a specific API. The vulnerability was discovered by Kentaro Kawane of GMO Cybersecurity and reported through Trend Micro's Zero Day Initiative.
The vulnerability is triggered by a specially crafted API request; no credentials are required, and a successful exploit yields root on the affected device. Cisco lists ISE and ISE-PIC releases 3.3 and 3.4 as affected. Crucially, the fixes previously released for CVE-2025-20281 and CVE-2025-20282 do not address CVE-2025-20337: a node that only received those earlier fixes remains exposed. Customers must upgrade to ISE 3.3 Patch 7 or ISE 3.4 Patch 2 to close this vulnerability.
While no exploitation of this vulnerability has been reported in the wild as of now, Cisco emphasizes that administrators should act immediately. Cisco also states that ISE 3.2 and earlier releases are not affected. Administrators should still confirm the release and patch level of every ISE and ISE-PIC node, including those that were hotfixed for the earlier CVEs, and upgrade accordingly.
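The following is an added example, not code from Cisco or from the original article, for turning the version guidance above into a fleet check. It assumes version strings in the form ISE reports them ("3.3.0.430 Patch 6", "3.4 Patch 1", or a bare "3.4"), and the inventory entries are constructed for illustration. Releases not named in the advisory text are reported as "unknown" rather than guessed at, and a node fixed only for CVE-2025-20281/20282 still carries its old patch level, so it is correctly flagged as vulnerable.

```python
"""Triage an ISE / ISE-PIC inventory against the fix levels for CVE-2025-20337.

Editor-added example, not Cisco's code. Fix levels are those quoted in the article:
3.3 Patch 7 and 3.4 Patch 2; release 3.2 and earlier are not affected.
"""
import re
from dataclasses import dataclass

# Minimum patch number that closes CVE-2025-20337, per affected release train.
FIXED_PATCH = {(3, 3): 7, (3, 4): 2}

# Assumed version format: "MAJOR.MINOR[.build...][ Patch N]".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.\d+)*(?:\s+Patch\s+(\d+))?$", re.IGNORECASE)


@dataclass
class Node:
    name: str
    version: str


def assess(version: str) -> str:
    """Classify one version string as vulnerable, fixed, not_affected or unknown."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"  # unparseable string; verify the node by hand
    train = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3)) if m.group(3) else 0  # no "Patch N" means Patch 0
    if train < (3, 3):
        return "not_affected"  # 3.2 and earlier are not affected
    if train in FIXED_PATCH:
        # Hotfixes for CVE-2025-20281/20282 do not raise the cumulative patch
        # level, so a node carrying only those still shows here as vulnerable.
        return "fixed" if patch >= FIXED_PATCH[train] else "vulnerable"
    return "unknown"  # release not covered by the advisory text; check Cisco's advisory


def triage(nodes):
    """Map each node name to its assessment."""
    return {n.name: assess(n.version) for n in nodes}


# Constructed sample inventory, not real hosts.
INVENTORY = [
    Node("ise-pan-01", "3.3.0.430 Patch 6"),   # earlier CVE fixes only: still vulnerable
    Node("ise-psn-01", "3.3.0.430 Patch 7"),   # fixed
    Node("ise-psn-02", "3.4"),                 # Patch 0: vulnerable
    Node("ise-pic-01", "3.4 Patch 2"),         # fixed
    Node("ise-old-01", "3.2 Patch 7"),         # not affected
    Node("ise-lab-01", "3.5"),                 # not in the advisory text: unknown
]

if __name__ == "__main__":
    for name, status in triage(INVENTORY).items():
        print(f"{name:12s} {status}")
```

Run it against an export of your deployment nodes' version strings and upgrade every node reported as "vulnerable"; treat "unknown" as a prompt to read the advisory, not as a pass.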
Alongside the critical ISE fix, Cisco published four further advisories for less severe vulnerabilities in other products. These include the high-severity CVE-2025-20274, which allows an authenticated user of Cisco Unified Intelligence Center to upload arbitrary files, and the medium-severity CVE-2025-20272 and CVE-2025-20288, an SQL injection and a Server-Side Request Forgery (SSRF) respectively. Customers should review these advisories and apply the corresponding updates.