A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Identity Services Engine Software | 3.3.0, 3.3 Patch 2, 3.3 Patch 1, 3.3 Patch 3, 3.4.0, 3.3 Patch 4, 3.4 Patch 1, 3.3 Patch 5, 3.3 Patch 6 |
| Cisco | Cisco ISE Passive Identity Connector | 3.2.0, 3.1.0, 3.3.0, 3.4.0 |
Yes — actively exploited. Added to the CISA KEV catalog on 2025-07-28. Ransomware use: Unknown.
For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.
Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:
No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.