{"uuid": "bd5b307d-3544-4b9e-a4b2-0959fb1d814f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-20337", "type": "seen", "source": "https://t.me/SpiderCodeCommunity1/350", "content": "\u0642\u0646\u0627\u0647 \u0627\u062e\u0628\u0627\u0631\u064a\u0647 \u0646\u0632\u0644\u062a \u062e\u0628\u0631 \u0639\u0646 \u0627\u062e\u062a\u0631\u0627\u0642 Cisco \u0627\u0644\u0646\u0647\u0627\u0631\u062f\u0647 \ud83d\ude2e\n\n-----------------------------------------------------------------\n\n\u0627\u0647\u0644\u0627 \u0648\u0633\u0647\u0644\u0627 \u0628\u064a\u0643 \u064a\u0639\u0632\u064a\u0632\u064a \u0627\u0644\u0642\u0631\u0627\u0621 \u0641\u064a CVE \u0627\u0644\u062e\u0645\u064a\u0633 \ud83e\udd29\n\n\n\u0641\u064a \u062a\u0627\u0631\u064a\u062e : \n\n{ 2025/7/17 }\n\n\u062a\u0645 \u062d\u062f\u0648\u062b ( CVE-2025-20337 )\n\n\n-----------------------------------------------------------------\n\u0637\u064a\u0628 \u0627\u064a \u0627\u0644\u0640 CVE \u062f\u0627 \u061f\n\n\u0628\u062e\u062a\u0635\u0627\u0631 \u064a\u0639\u0632\u064a\u0632\u064a \u0627\u0644\u0640 CVE \u062f\u0627 \u0628\u064a\u0643\u0648\u0646 \u062b\u063a\u0631\u0627\u062a \u062a\u0645 \u062a\u0633\u062c\u064a\u0644\u0647 \u0648 \u0628\u062a\u0643\u0648\u0646 \u0645\u0631\u062a\u0628\u0647 \u062f\u0631\u062c\u0647 \u0627\u0644\u062e\u0637\u0648\u0631\u0647 \u0645\u0646 \u0627\u0639\u0644\u064a \u062f\u0631\u062c\u0647 \u0644\u064a \u062d\u062f CVE \u062e\u0641\u064a\u0641 \u062e\u0637\u0648\u0631\u0647 \u0645\u0634 \u0636\u0627\u0631\u0647\n\n-----------------------------------------------------------------\n\n\n\u0627\u0644\u0645\u0647\u0645 \u0646\u0631\u062c\u0639 \u0644\u064a \u0645\u0648\u0636\u0648\u0639\u0646\u0627 \ud83d\ude01\n\n\n\u0637\u064a\u0628 \u0627\u064a \u062a\u0642\u064a\u0645 \u0627\u0644\u062b\u063a\u0631\u0647 \u0645\u0646 10 \u061f\n\n10/10 \ud83d\ude2e\n\n\u0637\u064a\u0628 \u062a\u0645 \u0627\u0643\u062a\u0634\u0627\u0641 \u0627\u0644\u062b\u063a\u0631\u0647 \u0627\u0645\u062a\u0627 \u061f\n\n{ 2025/7/11 }\n\n\u0637\u064a\u0628 \u0645\u064a\u0646 \u0627\u0636\u0631 \u0641\u064a \u0627\u0644\u062b\u063a\u0631\u0647 \u062f\u064a \u061f\n\nCisco Identity Services Engine (ISE) \n\n\u0648 ISE-PIC\n\n\u0627\u0643\u062a\u0634\u0641\u0648 \u0648\u062c\u0648\u062f \n\nUnauthenticated Remote Code Execution (RCE) \n\n\u0628\u062e\u0635\u062a\u0627\u0631 \u0627\u0644\u0647\u062c\u0648\u0645 \u0645\u0634 \u0628\u064a\u062d\u062a\u0627\u062c \u0627\u0646\u0643 \u062a\u0633\u062c\u0644 \u0641\u064a Unauthenticated \u0627\u0644\u064a \u0647\u064a\u0627 \u0628\u0644 \u0639\u0631\u0628\u064a \u0645\u0635\u0627\u062f\u0642\u0647 \u0627\u0644\u062b\u0646\u0627\u0626\u064a\u0647\n\n\u0637\u064a\u0628 \u0627\u064a \u0627\u0644\u0640 impact \u0627\u0648 \u0627\u0644\u062a\u0627\u062b\u064a\u0631 \u061f\n\n\u0627\u0646 \u0627\u0644\u0645\u0647\u0627\u062c\u0645 \u064a\u0642\u062f\u0631 \u064a\u0643\u0648\u0646 \u0645\u0633\u062a\u062e\u062f\u0645 root \u0639\u0644\u064a \u0633\u064a\u0631\u0641\u0631 \u0645\u0646 cisco \n\n\u0637\u064a\u0628 \u062a\u0645\u062a \u0627\u0632\u0627\u064a \u061f\n\n\u0639\u0646 \u0637\u0631\u064a\u0642 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0648\u0627\u062c\u0647\u0629 API \u063a\u064a\u0631 \u0645\u062d\u0645\u064a\u0629 \u0641\u064a ISE\n\n\u0645\u064a\u0646 \u0627\u0644\u064a \u0627\u0643\u062a\u0634\u0641 \u0627\u0644\u062b\u063a\u0631\u0647 \u061f\n\nKentaro Kawane\n\n\u0637\u064a\u0628 \u0627\u064a \u0644\u0627\u0635\u062f\u0631\u0627\u062a \u0627\u0644\u064a \u064a\u062a\u0645 \u062d\u062f\u0648\u062b \u0627\u0644\u062b\u063a\u0631\u0647 \u0641\u064a\u0647\u0627 \u061f\n\nCisco ISE 3.3 \u0642\u0628\u0644 Patch 7\n\nCisco ISE 3.4 \u0642\u0628\u0644 Patch 2 ( \u062a\u0645 \u0627\u0635\u0644\u0627\u062d \u0645\u0634\u0643\u0644\u0647 \u0641\u064a \u062a\u062d\u062f\u064a\u062b \u0627\u0644\u062c\u062f\u064a\u062f )\n\nCisco ISE 3.3 Patch 7\n\nCisco ISE 3.4 Patch 2 \n\n\n\u0637\u064a\u0628 \u0643\u0644 \u062f\u0627 \u0643\u0627\u0646 \u0645\u0642\u062f\u0645\u0647 \u0646\u062a\u0643\u0644\u0645 \u0639\u0646 \u062b\u063a\u0631\u0647 \u0628\u0634\u0643\u0644 \u062a\u0641\u0635\u064a\u0644\u064a  \ud83d\ude01\n\n\u0641\u064a \u062a\u0627\u0631\u064a\u062e :\n{ 2025/7/16 }\n\n\u062a\u0645 \u0627\u0633\u062a\u0644\u0627\u0645 \u0627\u0644\u062a\u0642\u0631\u064a\u0631 \u0645\u0646 Cisco \u0627\u0644\u064a NVD \u0628\u0630\u0643\u0631 \u062a\u0641\u0627\u0635\u064a\u0644 \u0627\u0644\u062b\u063a\u0631\u0629 \u0648\u062a\u0642\u064a\u064a\u0645\u0647\u0627 \u0628\u0646\u0642\u0627\u0637 CVSS 10.0  \n\n\n\u0648\n\n17 \u064a\u0648\u0644\u064a\u0648 2025: Cisco \u0646\u0634\u0631\u062a advisory \u0631\u0633\u0645\u064a\u0629 \u0648\u062a\u063a\u0637\u064a\u0629 \u0625\u0639\u0644\u0627\u0645\u064a\u0629 \u0648\u0635\u062d\u064a\u0641\u0629 \u062d\u0648\u0644 \u0627\u0644\u062b\u063a\u0631\u0629  \n\n\n\u0637\u064a\u0628 \u0627\u0632\u0627\u064a \u0627\u0644\u062b\u063a\u0631\u0647 \u0628\u062a\u062d\u0635\u0644 \u061f\n\n\u062e\u0637\u0623 \u0641\u064a \u0627\u0644\u062a\u062d\u0642\u0642 \u0645\u0646 \u0635\u062d\u0629 \u0627\u0644\u0645\u062f\u062e\u0644\u0627\u062a (insufficient input validation) \u0641\u064a \u0648\u0627\u062c\u0647\u0629 API \u062e\u0627\u0635\u0629 \u062d\u064a\u062b \u064a\u0645\u0643\u0646 \u0644\u0644\u0645\u0647\u0627\u062c\u0645 \u0625\u0631\u0633\u0627\u0644 \u0637\u0644\u0628 HTTP \u0645\u064f\u0635\u0645\u0651\u0645 \u0628\u0637\u0631\u064a\u0642\u0629 \u062e\u0628\u064a\u062b\u0629 \u0644\u062a\u0646\u0641\u064a\u0630 \u0623\u0648\u0627\u0645\u0631 \u0639\u0644\u0649 \u0646\u0638\u0627\u0645 \u0627\u0644\u062a\u0634\u063a\u064a\u0644 \u2014 \u0628\u0627\u0644\u0643\u0627\u0645\u0644 \u0628\u0635\u0644\u0627\u062d\u064a\u0627\u062a root \u0628\u062f\u0648\u0646 \u0645\u0635\u0627\u062f\u0642\u0629 \u0623\u0648 \u062a\u0641\u0627\u0639\u0644 \u0645\u0646 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645  \n\n\u064a\u064f\u0635\u0646\u0641 \u062a\u062d\u062a\n\n CWE\u201174: Improper Neutralization of Special Elements in Output\n\n\n\u0648 \u0633\u0628\u0628 \u0638\u0647\u0648\u0631\u0647 \u0643\u0627\u0646 injection \u0641\u064a \u0627\u0644\u062f\u0627\u062a\u0627 \u0627\u0644\u062e\u0627\u0635\u0647\n\n\u0634\u0643\u0631\u0627 \u0639\u0644\u064a \u0642\u0631\u0627\u0626\u0647 \u0627\u0644\u0645\u0642\u0627\u0644 \u0644\u0648 \u062d\u0628\u064a\u062a\u0648 \u0633\u0644\u0633\u0644\u0647 CVE \u0627\u0644\u062e\u0645\u064a\u0633 \u0642\u0648\u0644\u0648 \u0631\u0627\u064a\u0643\u0645 \u0641\u064a\u0647\u0627 \ud83e\udd0d", "creation_timestamp": "2025-07-17T14:47:19.000000Z"}