Cisco has unveiled a new critical-security flaw affecting Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) that could allow an attacker to run arbitrary code on the host operating system with heightened privileges.
Documented as CVE-2025-20337, this vulnerability has a CVSS rating of 10.0 and resembles CVE-2025-20281, which has been addressed.