Jul 17, 2025Ravie LakshmananVulnerability / Community Safety
Cisco has disclosed a brand new maximum-severity safety vulnerability impacting Id Providers Engine (ISE) and Cisco ISE Passive Id Connector (ISE-PIC) that would allow an attacker to execute arbitrary code on the underlying working system with elevated privileges.
Tracked as CVE-2025-20337, the shortcoming carries a CVSS rating of 10.0 and is much like CVE-2025-20281, which was patched by the networking gear main late final month.
“A number of vulnerabilities in a particular API of Cisco ISE and Cisco ISE-PIC may enable an unauthenticated, distant attacker to execute arbitrary code on the underlying working system as root. The attacker doesn’t require any legitimate credentials to use these vulnerabilities,” the corporate stated in an up to date advisory.
“These vulnerabilities are as a result of inadequate validation of user-supplied enter. An attacker may exploit these vulnerabilities by submitting a crafted API request. A profitable exploit may enable the attacker to acquire root privileges on an affected machine.”
Kentaro Kawane of GMO Cybersecurity has been credited with discovering and reporting the flaw. Kawane was beforehand acknowledged for 2 different vital Cisco ISE flaws (CVE-2025-20286 and CVE-2025-20282) and one other vital bug in Fortinet FortiWeb (CVE-2025-25257)
CVE-2025-20337 impacts ISE and ISE-PIC releases 3.3 and three.4, no matter machine configuration. It doesn’t influence ISE and ISE-PIC launch 3.2 or earlier. The problem has been patched within the following variations –
Cisco ISE or ISE-PIC Launch 3.3 (Mounted in 3.3 Patch 7)
Cisco ISE or ISE-PIC Launch 3.4 (Mounted in 3.4 Patch 2)
There is no such thing as a proof that the vulnerability has been exploited in a malicious context. That stated, it is at all times a superb follow to make sure that programs are stored up-to-date to keep away from potential threats.
The disclosure comes as The Shadowserver Basis reported that menace actors are doubtless exploiting publicly launched exploits related to CVE-2025-25257 to drop internet shells on prone Fortinet FortiWeb cases since July 11, 2025.
As of July 15, there are estimated to be 77 contaminated cases, down from 85 the day earlier than. The vast majority of the compromises are concentrated round North America (44), Asia (14), and Europe (13).
Knowledge from the assault floor administration platform Censys exhibits that there are 20,098 Fortinet FortiWeb home equipment on-line, excluding honeypots, though it is at present not identified what number of of those are susceptible to CVE-2025-25257.
“This flaw allows unauthenticated attackers to execute arbitrary SQL instructions through crafted HTTP requests, resulting in distant code execution (RCE),” Censys stated.
Discovered this text fascinating? Observe us on Twitter and LinkedIn to learn extra unique content material we submit.
