CVE-2025-20337

ENISA EUVD: EUVD-2025-21708 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 6 articles Published: 2025-07-16

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

1.35%

probability

This CVE has a 1.35% probability of being exploited in the next 30 days.

0% Top 80.3th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

Affected Products

Cisco

Cisco Identity Services Engine Software

3.3.0 3.3 Patch 2 3.3 Patch 1 3.3 Patch 3 3.4.0 3.3 Patch 4

Cisco

Cisco ISE Passive Identity Connector

3.2.0 3.1.0 3.3.0 3.4.0

cisco

identity services engine

cisco

identity services engine passive identity connector

Cisco

Cisco Identity Services Engine Software

3.3 Patch 4

Cisco

Cisco ISE Passive Identity Connector

3.3.0

Cisco

Cisco Identity Services Engine Software

3.3 Patch 3

Cisco

Cisco Identity Services Engine Software

3.3.0

Cisco

Cisco Identity Services Engine Software

3.3 Patch 5

Cisco

Cisco ISE Passive Identity Connector

3.2.0

Cisco

Cisco ISE Passive Identity Connector

3.1.0

Cisco

Cisco Identity Services Engine Software

3.4.0

Cisco

Cisco Identity Services Engine Software

3.4 Patch 1

Cisco

Cisco ISE Passive Identity Connector

3.4.0

Cisco

Cisco Identity Services Engine Software

3.3 Patch 6

Cisco

Cisco Identity Services Engine Software

3.3 Patch 1

Cisco

Cisco Identity Services Engine Software

3.3 Patch 2

Attack Intelligence

CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6

Signal Intelligence

Confidenceⓘ

95%

EPSS 1.35%

CVSS v3.1 10

Mentions 6

Last Seen Nov 12, 2025

CNA Information

CNA Assigner

cisco

CNA Title

Cisco ISE API Unauthenticated Remote Code Execution Vulnerability

Analyst Note

CVE-2025-20337 is explicitly named as a zero-day vulnerability in multiple authoritative sources (BleepingComputer, TheHackerNews, CERT-EU). Amazon's threat intelligence team documented active exploitation by an advanced threat actor before patches were available. The CVE was published in July 2025 with concurrent exploitation reports, meeting the zero-day criteria of in-the-wild exploitation prior to patch availability.