A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
                
            References
                    Configurations
                    Configuration 1 (hide)
| 
 | 
History
                    21 Oct 2025, 23:16
| Type | Values Removed | Values Added | 
|---|---|---|
| References | 
 | 
21 Oct 2025, 20:20
| Type | Values Removed | Values Added | 
|---|---|---|
| References | 
 | 
21 Oct 2025, 19:21
| Type | Values Removed | Values Added | 
|---|---|---|
| References | 
 | 
17 Jul 2025, 20:42
| Type | Values Removed | Values Added | 
|---|---|---|
| References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 - Vendor Advisory | |
| First Time | Cisco identity Services Engine Passive Identity Connector Cisco Cisco identity Services Engine | |
| CPE | cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:* | 
17 Jul 2025, 19:40
| Type | Values Removed | Values Added | 
|---|---|---|
| Summary | 
 | 
16 Jul 2025, 17:15
| Type | Values Removed | Values Added | 
|---|---|---|
| New CVE | 
Information
                Published : 2025-07-16 17:15
Updated : 2025-10-21 23:16
NVD link : CVE-2025-20337
Mitre link : CVE-2025-20337
CVE.ORG link : CVE-2025-20337
JSON object : View
Products Affected
                cisco
- identity_services_engine_passive_identity_connector
- identity_services_engine
CWE
                
                    
                        
                        CWE-74
                        
            Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
