Max severity Cisco ISE bug allows pre-auth command execution, patch now

Max severity Cisco ISE bug allows pre-auth command execution, patch now Bill Toulas July 17, 2025 11:53 AM 0 A critical vulnerability (CVE-2025-20337) in Cisco's Identity Services Engine (ISE) could be exploited to let an unauthenticated attacker store malicious files, execute arbitrary code, or gain root privileges on vulnerable devices. The security issue received the maximum severity rating, 10 out of 10, and is caused by insufficient user-supplied input validation checks. It was discovered by Kentaro Kawane, a researcher at the Japanese cybersecurity service GMO Cybersecurity by Ierae, and reported Trend Micro's Zero Day Initiative (ZDI). A remote unauthenticated attacker could leverage it by submitting a specially crafted API request The vulnerability was added via anupdate to the security bulletinfor CVE-2025-20281 and CVE-2025-20282, twosimilar RCE vulnerabilitiesthat also received the maximum severity score, that impact ISE and ISE-PIC versions 3.4 and 3.3. "These vulnerabiliti...