[Vulnerability Alert] Significant Security Vulnerability in Cisco's Identity Service (CVE-2025-20337)

• Subject: [Vulnerability Alert] Significant Security Vulnerability in Cisco's Identity Service (CVE-2025-20337)

• Content:
  • Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000012
  • Cisco Identity Services Engine (ISE) is an identity-based security management platform that collects information from networks and user devices, and enforces policies and makes regulatory decisions within the network infrastructure. Cisco has released a major security vulnerability advisory (CVE-2025-20337, CVSS: 10.0) and released updated versions. This vulnerability exists in specific APIs of Cisco ISE and Cisco ISE-PIC. Attackers can exploit this vulnerability without any valid credentials, allowing unauthenticated remote attackers to execute arbitrary code as root on the underlying operating system.
• Affected Platforms:
  • Cisco ISE and ISE-PIC versions 3.3, 3.4
• Recommended Action:
  • Apply patches according to the solutions released on the official website: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
• References:
  • https://www.twcert.org.tw/tw/cp-169-10251-d9034-1.html

Computer and Communications Center
Network Systems Group