Cisco Warns of Critical ISE Flaw Allowing Unauthenticated Attackers to Execute Root Code

Source: The Hacker News

Author: info@thehackernews.com (The Hacker News)

URL: https://thehackernews.com/2025/07/cisco-warns-of-critical-ise-flaw.html

ONE SENTENCE SUMMARY:

A critical Cisco security vulnerability could allow unauthorized remote code execution in ISE systems, urging immediate patching and system updates.

MAIN POINTS:

1. New vulnerability affects Cisco ISE, allowing arbitrary code execution with root privileges.
2. Tracked as CVE-2025-20337 with a maximum CVSS score of 10.0.
3. Similar to CVE-2025-20281, recently patched.
4. Exploitable through crafted API requests due to insufficient input validation.
5. Kentaro Kawane credited with discovering the flaw.
6. Affects ISE versions 3.3 and 3.4, fixed in specific patches.
7. No current evidence of malicious exploitation of this vulnerability.
8. Related exploits in Fortinet FortiWeb are reportedly being used maliciously.
9. 77 FortiWeb instances compromised, primarily in North America, Asia, and Europe.
10. Censys reports 20,098 online FortiWeb appliances, with unknown vulnerability status.

TAKEAWAYS:

1. Patch ISE systems immediately to safeguard against CVE-2025-20337.
2. Ensure robust validation procedures for API inputs to prevent exploits.
3. Continually monitor security advisories for timely updates.
4. Stay informed of related exploits affecting similar systems like FortiWeb.
5. Regular system updates are crucial to minimize security threats.