Cisco ISE maximum severity flaw lets hackers execute root code

ISE is a network security policy management and access control platform, helping organizations centrally manage who and what can connect to their network. The ISE-PIC, on the other hand, is a lightweight service that collects identity information about users and devices without requiring them to authenticate via traditional methods.

Both tools are typically used by enterprise IT and cybersecurity teams that manage large or complex network environments.

The importance of patching

Recently, security researcher Kentaro Kawane, from GMO Cybersecurity, discovered an insufficient validation of user-supplied input vulnerability that could be exploited by submitting a crafted API request. Valid credentials are not required to abuse the flaw.

It is tracked as CVE-2025-20337, and was given a severity score of 10/10 (critical). It affects releases 3.3 and 3.4 of the tools, regardless of device configuration. However, releases 3.2 or older are not affected.

Cisco addressed the flaws in these versions:

- Cisco ISE or ISE-PIC Release 3.3 (Fixed in 3.3 Patch 7)
- Cisco ISE or ISE-PIC Release 3.4 (Fixed in 3.4 Patch 2)

The good news is that there is no evidence the vulnerability has been exploited in the wild by malicious actors. However, cybercriminals are known for targeting organizations only after a bug was made public, since many entities don’t rush to apply the patches. By keeping hardware and software outdated, organizations are keeping their back doors wide open, and criminals are getting an easy way into the premises.

Therefore, it would be good practice to apply the patches as soon as possible and prevent possible attacks.

Via The Hacker News

You might also like

• Cisco warns over worrying security flaws in ISE affecting AWS, Azure cloud deployments - here's what you need to know
• Take a look at our guide to the best authenticator app
• We've rounded up the best password managers