Cisco Patches Critical Vulnerability in Identity Services Engine

Cisco has issued a critical patch for a vulnerability in its Identity Services Engine (ISE), which could allow remote code execution with root privileges.

The vulnerability, tracked as CVE-2025-20337, is rated at CVSS 10, the highest severity level. According to Cisco's report, an attacker could exploit this flaw by submitting a crafted API request, which would grant them access to root privileges on an affected device.

Similar Flaw Already Addressed

Cisco has previously addressed a similar vulnerability, CVE-2025-20281, which affects Cisco ISE/ISE-PIC 3.3+. While the two vulnerabilities are distinct, they share a common cause: insufficient validation of user-supplied input.

Patch Availability and Recommendations

Cisco advises upgrading to an enhanced fixed release to address CVE-2025-20337. If you're running Release 3.4 Patch 2 of Cisco Identity Services Engine, no action is needed. However, devices on Release 3.3 Patch 6 require an upgrade to Patch 7.

Systems with hot patches ise-apply-CSCwo99449_3.3.0.430_patch4-SPA.tar.gz or ise-apply-CSCwo99449_3.4.0.608_patch1-SPA.tar.gz should be updated to Release 3.3 Patch 7 or 3.4 Patch 2, as these patches do not fix the vulnerability and have been withdrawn from Cisco's official distribution.

No Known Exploits in the Wild

The Cisco PSIRT (Proactive Security Information and Response Team) is not aware of any attacks in the wild exploiting these vulnerabilities.

Disclosure by Kentaro Kawane

The researcher Kentaro Kawane of GMO Cybersecurity disclosed the flaw CVE-2025-20337 through the Trend Micro Zero Day Initiative.

For the latest updates on Cisco's patch advisory, follow me on Twitter: @securityaffairs and Facebook and Mastodon (SecurityAffairs – hacking, Identity Services Engine).