PT-2025-29858 · Cisco · Cisco Ise-Pic +1

Kentaro Kawane · Published 2025-06-25 · Updated 2025-09-07

CVE-2025-20337

CVSS v3.1: 10.0 · Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

Cisco Identity Services Engine (ISE) and Cisco ISE-Passive Identity Connector (ISE-PIC) versions 3.3 and 3.4

**Description:**

A critical vulnerability exists in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input. An unauthenticated, remote attacker who can reach the API can submit a crafted request and execute arbitrary code on the underlying operating system as root. No credentials or user interaction are required, as the CVSS vector (PR:N/UI:N) reflects, and the scope change (S:C) records that compromise of the ISE host reaches beyond the vulnerable component itself.

**Recommendations:**

Upgrade Cisco ISE / ISE-PIC to version 3.3 Patch 7 or version 3.4 Patch 2 (or a later patch on the same release train). Until the patch is applied, restrict network access to the ISE API to trusted administrative hosts.
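A quick way to triage an inventory against this advisory is to compare each node's release train and patch level with the fixed levels named above. The following is an added example, not code from the advisory or from Cisco; it assumes a version string of the form "3.3.0.430 Patch 6" or "3.4" (a release with no "Patch N" suffix is treated as Patch 0), which is an assumption about the input, not a format the advisory specifies.

```python
"""Triage Cisco ISE / ISE-PIC versions against CVE-2025-20337 fixed patch levels."""
import re
from typing import Tuple

# Fixed levels from the advisory: 3.3 Patch 7 and 3.4 Patch 2.
# Key: (major, minor) release train; value: first patch carrying the fix.
FIXED_PATCH = {
    (3, 3): 7,
    (3, 4): 2,
}

# Assumed input shape (not defined by the advisory):
#   "3.3.0.430 Patch 6", "3.4 patch 1", "3.3"
# Any further dotted components after major.minor are ignored; a missing
# "Patch N" suffix means Patch 0.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.\d+)*\s*(?:patch\s*(\d+))?\s*$", re.IGNORECASE
)


def parse_ise_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch) for an ISE version string."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ISE version string: {text!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3)
    return int(major), int(minor), int(patch) if patch else 0


def assess(text: str) -> Tuple[bool, str]:
    """Return (vulnerable, note) for one node's version string.

    Only the 3.3 and 3.4 trains are listed as affected; other trains are
    reported as not affected by this advisory, which is not the same as
    'safe' and should be confirmed against the vendor's own advisory.
    """
    major, minor, patch = parse_ise_version(text)
    train = (major, minor)
    if train not in FIXED_PATCH:
        return False, f"{major}.{minor} is not listed as affected"
    fixed = FIXED_PATCH[train]
    if patch >= fixed:
        return False, f"{major}.{minor} Patch {patch} includes the fix (Patch {fixed} or later)"
    return True, f"upgrade to {major}.{minor} Patch {fixed} or later"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for node, version in [("ise-pan-1", "3.3.0.430 Patch 6"),
                          ("ise-psn-2", "3.4.0.608 Patch 2"),
                          ("ise-pic-1", "3.4")]:
        vulnerable, note = assess(version)
        print(f"{node:10} {version:22} {'VULNERABLE' if vulnerable else 'ok':10} {note}")
```

The check is deliberately strict about the release train: a 3.2 or 3.5 node is reported as "not listed as affected" rather than silently "ok", so the reviewer notices that the advisory simply does not cover it.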

Status: Fix available

Vulnerability type: RCE

Weakness Enumeration: Special Elements Injection

Related Identifiers

BDU:2025-08631
CVE-2025-20337
ZDI-25-607

Affected Products

Cisco ISE
Cisco ISE-PIC