PT-2025-29858 · Cisco · Cisco ISE +1

Kentaro Kawane · Published 2025-06-25 · Updated 2025-09-08 · CVE-2025-20337

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Identity Services Engine (ISE) versions 3.3 and 3.4
Cisco ISE-PIC versions 3.3 and 3.4

Description

A critical vulnerability exists in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input. This allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system with root privileges by submitting a crafted API request. No valid credentials are required for exploitation.

Recommendations

Upgrade Cisco Identity Services Engine version 3.3 to Patch 7.
Upgrade Cisco Identity Services Engine version 3.4 to Patch 2.
Upgrade Cisco ISE-PIC version 3.3 to Patch 7.
Upgrade Cisco ISE-PIC version 3.4 to Patch 2.

Fix

RCE

Special Elements Injection

Weakness Enumeration

Related Identifiers

BDU:2025-08631
CVE-2025-20337
ZDI-25-607

Affected Products

Cisco ISE
Cisco ISE-PIC