CVE-2025-20337
Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- October 10, 2024
- Published Date
- July 16, 2025
- Last Updated
- February 26, 2026
- Vendor
- Cisco
- Product
- Cisco Identity Services Engine Software, Cisco ISE Passive Identity Connector
- Description
- A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
- Tags
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
- Exploited in the Wild
- Yes (2026-06-01 10:37:36 UTC) Source
cisa
CVSS Scores
CVSS v3.1
10.0 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
SSVC Information
Exploit Status
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CVE | 2026-06-01 10:37:36 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel