{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T23:26:22.951","vulnerabilities":[{"cve":{"id":"CVE-2025-20337","sourceIdentifier":"psirt@cisco.com","published":"2025-07-16T17:15:30.573","lastModified":"2025-10-28T13:58:55.447","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device."},{"lang":"es","value":"Una vulnerabilidad en una API específica de Cisco ISE y Cisco ISE-PIC podría permitir que un atacante remoto no autenticado ejecute código arbitrario en el sistema operativo subyacente como root. El atacante no necesita credenciales válidas para explotar esta vulnerabilidad. Esta vulnerabilidad se debe a una validación insuficiente de la información proporcionada por el usuario. Un atacante podría explotar esta vulnerabilidad enviando una solicitud de API manipulada. Una explotación exitosa podría permitirle obtener privilegios de root en un dispositivo afectado."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"cisaExploitAdd":"2025-07-28","cisaActionDue":"2025-08-18","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Cisco Identity Services Engine Injection Vulnerability","weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"F1B9C2C1-59A4-49A0-9B74-83CCB063E55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"DFD29A0B-0D75-4EAB-BCE0-79450EC75DD0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"E6C94CC4-CC08-4DAF-A606-FDAFC92720A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"BB069EA3-7B8C-42B5-8035-2EE5ED3F56E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"FF8B81A6-BF44-4E5F-B167-39F61DDCA026"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"56E0F0EC-3E66-4866-89F5-89B331F3F517"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"2E3E8937-2859-4A2A-91C0-05F674EF0466"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"D23905E0-E525-49B1-8E5F-4EB42D186768"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"74509498-38EF-4345-9583-CEF5C26CA1D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:-:*:*:*:*:*:*","matchCriteriaId":"3CA3315D-8A45-43F4-A0F0-094D325F285B"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch1:*:*:*:*:*:*","matchCriteriaId":"B3736136-9FD8-4B12-B119-EA15201224D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch2:*:*:*:*:*:*","matchCriteriaId":"654ED77E-22D3-4E76-9E6D-B1581F5982F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch3:*:*:*:*:*:*","matchCriteriaId":"A0648EE9-F042-479F-9AAB-C6B5DBC46511"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch4:*:*:*:*:*:*","matchCriteriaId":"83F3BA58-4F38-41C8-956F-38A2F44EECE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch5:*:*:*:*:*:*","matchCriteriaId":"6C30FA1D-91E2-48C5-B181-A88FDF668278"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.3.0:patch6:*:*:*:*:*:*","matchCriteriaId":"768215B1-80B7-40FF-8772-BA4C0B3913F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:-:*:*:*:*:*:*","matchCriteriaId":"CC0525FD-C4D7-4B48-BF35-1791391AB148"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:identity_services_engine_passive_identity_connector:3.4.0:patch1:*:*:*:*:*:*","matchCriteriaId":"68C96F6B-51EE-4D03-9598-CBFD16DA22EF"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20337","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}