CVE-2025-20337 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-07-16

Added to CISA KEV: 2025-07-28 12 DAYS BETWEEN CVE AND KEV

⚠️ CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity before patching
EMERGENCY: Immediately upgrade to fixed ISE software releases
Implement network segmentation to limit ISE internet exposure if possible
Monitor ISE logs for suspicious API activity and unauthorized access attempts
Deploy IPS/IDS rules to detect exploitation attempts
Consider temporarily blocking non-essential internet access to ISE if patching is delayed

NVD - CVE-2025-20337
NVD - CVE-2025-20337Information Technology Laboratory National Vulnerability Database
Cisco Identity Services Engine Unauthenticated Remote Code ...
Exploitation and Public Announcements In July 2025, the Cisco PSIRT became aware of attempted exploitation of CVE-2025-20281 and CVE-2025-20337 ...
tenable.com/cve/CVE-2025-20337
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying ...
Cisco Warns of Identity Services Engine RCE Vulnerability Exploited in ...
Cisco ISE RCE Vulnerability Exploited in Wild. The most severe vulnerabilities, CVE-2025-20281 and CVE-2025-20337, stem from insufficient validation of user-supplied input in specific APIs within ISE versions 3.3 and 3.4.
CISA Warns of Cisco Identity Services Engine Vulnerability Exploited...
The vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20337, allow attackers to achieve remote code execution with root privileges on affected systems. Key Takeaways 1. CISA added two Cisco ISE vulnerabilities (CVE-2025-20281, CVE-2025-20337) to its Known Exploited...

🔴 CVE-2025-20337