Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-20337
PUBLISHED
More InfoOfficial Page
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
View Known Exploited Vulnerability (KEV) details
Published At-16 Jul, 2025 | 16:17
Updated At-26 Feb, 2026 | 17:50
Rejected At-
▼CVE Numbering Authority (CNA)
Cisco ISE API Unauthenticated Remote Code Execution Vulnerability

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

Affected Products
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco Identity Services Engine Software
Default Status
unknown
Versions
Affected
  • 3.3.0
  • 3.3 Patch 2
  • 3.3 Patch 1
  • 3.3 Patch 3
  • 3.4.0
  • 3.3 Patch 4
  • 3.4 Patch 1
  • 3.3 Patch 5
  • 3.3 Patch 6
Vendor
Cisco Systems, Inc.Cisco
Product
Cisco ISE Passive Identity Connector
Default Status
unknown
Versions
Affected
  • 3.2.0
  • 3.1.0
  • 3.3.0
  • 3.4.0
Problem Types
TypeCWE IDDescription
cweCWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Type: cwe
CWE ID: CWE-74
Description: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Metrics
VersionBase scoreBase severityVector
3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits

In July 2025, the Cisco PSIRT became aware of attempted exploitation of this vulnerability in the wild. Cisco continues to strongly recommend that customers upgrade to a fixed software release to remediate these vulnerabilities.

Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
N/A
Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
kev
dateAdded:
2025-07-28
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20337
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2025-20337 added to CISA KEV2025-07-28 00:00:00
Event: CVE-2025-20337 added to CISA KEV
Date: 2025-07-28 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20337
government-resource
Hyperlink: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20337
Resource:
government-resource
Details not found