Cisco has issued a warning for CVE-2025-20337, a critical vulnerability (CVSS 10) in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). The flaw allows unauthenticated remote attackers to execute arbitrary code as root via a crafted API request, due to insufficient input validation. It is similar to the previously disclosed CVE-2025-20281. Cisco advises updating to 3.3 Patch 7 or 3.4 Patch 2. Earlier releases (3.2 and below) are not vulnerable. No active exploitation has been observed.