Date Posted: 2025/07/18
[Vulnerability Alert] Significant Security Vulnerability in Cisco's Identity Service (CVE-2025-20337)
- Content:
- Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000012
- Cisco Identity Services Engine (ISE) is an identity-based security management platform that collects information from networks and user devices, enforces policies, and makes regulatory decisions within the network infrastructure. Cisco has published a security advisory for a major vulnerability (CVE-2025-20337, CVSS: 10.0) and released updated versions. The vulnerability exists in specific APIs of Cisco ISE and Cisco ISE-PIC. It can be exploited without any valid credentials, allowing an unauthenticated remote attacker to execute arbitrary code as root on the underlying operating system.
- Affected Platforms:
- Cisco ISE and ISE-PIC versions 3.3 and 3.4
- Recommended Action:
- Apply patches according to the solutions released on the official website: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
- References:
Computer and Communications Center
Network Systems Group