Cisco has announced a critical vulnerability, tracked as CVE-2025-20337, in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that allows unauthenticated remote attackers to gain root access through arbitrary code execution. The vulnerability has a maximum CVSS score of 10, and Cisco has released patches to address it along with related vulnerabilities disclosed in June. Customers are urged to upgrade to the latest software versions to mitigate the risk.