Cisco has raised the alert levels with regards to a high-severity vulnerability CVE-2025-20337. This vulnerability affects its Identity Services Engine (ISE) and ISE-PIC software version 3.3 and 3.4. This vulnerability allows unauthenticated attackers to execute arbitrary code on affected devices, leading to severe impacts on configurations of devices all over the world.
Kentaro Kawane from GMO Cybersecurity found and reported CVE-2025-20337. As of July 15, this vulnerability has already been associated with 77 infected cases. This figure marks an 85 drop from 85 cases reported yesterday suggesting that the threat may be subsiding. The at-risk devices are heavily focused in North America, followed closely by Asia and Europe.
Details of the Vulnerability
Another critical flaw, CVE-2025-20337, may allow a remote attacker to take complete control of the device and its security. According to Cisco, “Multiple vulnerabilities in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root.” Critically, these vulnerabilities don’t require any valid credentials to exploit.
Kawane, who discovered other critical vulnerabilities in their path like CVE-2025-20286 and CVE-2025-20282, wants to highlight the severity of this flaw. He noted that “These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.”
Impact on Users and Organizations
CVE-2025-20337 presents distant but deadly dangers that extend beyond simple personal appliance installations. Most importantly, it risks the stability of whole enterprise networks that rely on Cisco’s ISE technology. Negotiations and compromises The biggest areas of compromise have been in geographic areas. Now is the time for organizations to take decisive action to identify their networks and the potential vulnerabilities.
Cisco recommends that everyone remain vigilant, as it always does. They urge immediate updates or patches to mitigate risks from this essential flaw. The company added, “This flaw enables unauthenticated attackers to execute arbitrary SQL commands via crafted HTTP requests, leading to remote code execution (RCE).”
Historical Context
Beyond the flashy title, Kawane’s track record of exposing bad vulnerabilities has made him a huge relevant character in cybersecurity circles. His past recognitions demonstrate his very impressive ability to spot serious weaknesses, such as CVE-2025-25257 in Fortinet FortiWeb. This highlights the importance of vigilant monitoring of vulnerabilities in popular, commonly used software.
