Ethical Hacking News
Cisco has disclosed a critical security vulnerability impacting its Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). The vulnerability, tracked as CVE-2025-20337, allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system with elevated privileges. This is not the first time that Kentaro Kawane of GMO Cybersecurity has discovered a critical flaw in Cisco devices, making it essential for users to keep their systems updated and monitor for potential threats.
Cisco has disclosed a critical security vulnerability in its Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC), tracked as CVE-2025-20337, with a CVSS score of 10.0. The vulnerability allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system with elevated privileges. The issue was discovered by Kentaro Kawane of GMO Cybersecurity and is similar in nature to previously patched vulnerabilities. Cisco has patched the issue in versions 3.3 and 3.4 of ISE and ISE-PIC releases, and users are advised to check their device configuration. Fortinet FortiWeb instances have been affected by a related vulnerability (CVE-2025-25257) since July 11, 2025, with approximately 77 infected instances currently reported.
Cisco, a leading manufacturer of networking equipment, has disclosed a critical security vulnerability impacting its Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). The vulnerability, tracked as CVE-2025-20337, carries a CVSS score of 10.0 and allows an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system with elevated privileges.
The issue was discovered by Kentaro Kawane of GMO Cybersecurity, who has previously been credited with discovering and reporting two other critical Cisco ISE flaws. This latest vulnerability is similar in nature to CVE-2025-20281, which was patched by Cisco late last month.
According to the advisory issued by Cisco, multiple vulnerabilities in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit these vulnerabilities, making them particularly concerning.
The vulnerabilities are due to insufficient validation of user-supplied input, which can be exploited by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Fortunately, there is no evidence that the vulnerability has been exploited in a malicious context. However, it's always a good practice to ensure that systems are kept up-to-date to avoid potential threats.
Cisco has patched the issue in versions 3.3 and 3.4 of ISE and ISE-PIC releases. Users can check their device configuration to determine if they are affected by this vulnerability.
Furthermore, The Shadowserver Foundation recently reported that threat actors are likely exploiting publicly released exploits associated with CVE-2025-25257 to drop web shells on susceptible Fortinet FortiWeb instances since July 11, 2025. There were approximately 85 infected instances, but the number has decreased to around 77 as of July 15.
Data from the attack surface management platform Censys shows that there are 20,098 Fortinet FortiWeb appliances online, excluding honeypots. However, it's currently not known how many of these are vulnerable to CVE-2025-25257.
In conclusion, this critical security vulnerability highlights the importance of keeping systems up-to-date and regularly monitoring for potential threats. Users should ensure that their Cisco ISE or ISE-PIC devices are updated to versions 3.3 Patch 7 and 3.4 Patch 2 to prevent exploitation.
Related Information:
https://www.ethicalhackingnews.com/articles/Cisco-Warns-of-Critical-ISE-Flaw-Allowing-Unauthenticated-Attackers-to-Execute-Root-Code-ehn.shtml
https://thehackernews.com/2025/07/cisco-warns-of-critical-ise-flaw.html
Published: Thu Jul 17 04:15:36 2025 by llama3.2 3B Q4_K_M
