CVE-2025-20337
Published: 16 July 2025
Summary
CVE-2025-20337 is a critical-severity Injection (CWE-74) vulnerability in Cisco Identity Services Engine. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 19.5% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).
Deeper analysis
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC allows an unauthenticated remote attacker to execute arbitrary code as root on the underlying operating system. The flaw stems from insufficient validation of user-supplied input and carries a CVSS score of 10.0.
An attacker can exploit the issue by submitting a crafted API request without any credentials, achieving full root-level control over an affected device. The attack requires no user interaction and can be launched over the network.
The Cisco Security Advisory cisco-sa-ise-unauth-rce-ZAd2GnJ6 and the CISA Known Exploited Vulnerabilities catalog both address the issue, confirming active exploitation in the wild. The associated EPSS score has remained flat at 0.0135 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-21708
Vulnerability details
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
- CWE(s): CWE-74 (Injection)
- KEV Date Added: 28 July 2025
Related Threats
MITRE ATT&CK Enterprise Techniques
- Exploit Public-Facing Application (T1190)
Why these techniques?
Direct unauthenticated RCE on a public-facing Cisco ISE API with root privileges via crafted input (CWE-74).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely identification, reporting, and patching of the specific flaw causing insufficient input validation in the Cisco ISE API, preventing arbitrary code execution.
- SI-10 (Information Input Validation): directly enforces comprehensive input validation at API entry points to block crafted requests that lead to root-level RCE.
- RA-5 (Vulnerability Monitoring and Scanning): mandates regular vulnerability scanning to detect this critical CVE in Cisco ISE, enabling prompt flaw remediation before exploitation.