**Cisco Patches High-Severity Cloud Vulnerability in Identity Services Engine**
Cisco has released an urgent advisory addressing a high-severity vulnerability (CVE-2025-20286, CVSS score 9.9) in its Identity Services Engine (ISE) that specifically impacts cloud deployments. The flaw stems from hardcoded static credentials reused across identical ISE instances on the same cloud platform, including AWS, Azure, and Oracle Cloud Infrastructure (OCI), allowing attackers to exploit one compromised instance to access others.
The vulnerability affects ISE versions 3.1 to 3.4: AWS deployments are vulnerable across all of these versions, while Azure and OCI deployments are impacted from versions 3.2 to 3.4. On-premises and hybrid installations remain unaffected. Cisco has released a hot fix and advises users to implement IP allowlisting and perform a full configuration reset for new cloud deployments.
While no active exploitation has been observed, Cisco’s Product Security Incident Response Team (PSIRT) warns of the risk, particularly in cloud-native environments where the Primary Admin node is hosted in the cloud. Proof-of-concept exploit code is publicly available, heightening the urgency for affected organizations to apply patches.
Source: https://www.scworld.com/brief/cisco-warns-of-ise-cloud-credential-vulnerability
Cisco cybersecurity rating report: https://www.rankiteo.com/company/cisco
{
  "id": "CIS1765250410",
  "linkid": "cisco",
  "type": "Vulnerability",
  "date": "6/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{
  "affected_entities": [
    {
      "customers_affected": "Users of Cisco ISE cloud deployments (AWS, Azure, Oracle Cloud Infrastructure)",
      "industry": "Networking and Cybersecurity",
      "location": "Global",
      "name": "Cisco",
      "size": "Large Enterprise",
      "type": "Technology Company"
    }
  ],
  "attack_vector": "Static Credentials Reuse",
  "customer_advisories": "Users advised to apply hot fix and follow mitigation steps",
  "description": "Cisco issued an urgent advisory for a high-severity vulnerability in its Identity Services Engine (ISE) affecting cloud deployments. The flaw, tracked as CVE-2025-20286, arises from improperly generated static credentials reused across identical ISE versions on the same cloud platform, allowing attackers to use credentials from one compromised instance to access others. Proof-of-concept exploit code is publicly available.",
  "impact": {
    "brand_reputation_impact": "High",
    "operational_impact": "Potential unauthorized access to ISE instances",
    "systems_affected": "Cisco Identity Services Engine (ISE) cloud deployments"
  },
  "investigation_status": "Ongoing",
  "post_incident_analysis": {
    "corrective_actions": "Hot fix release, IP allowlisting, configuration reset",
    "root_causes": "Improperly generated static credentials reused across identical ISE versions on the same cloud platform"
  },
  "recommendations": "Apply Cisco's hot fix, implement IP allowlisting, and perform a full configuration reset for new installations.",
  "references": [
    {
      "source": "Cyber Security News"
    }
  ],
  "response": {
    "communication_strategy": "Urgent advisory issued",
    "containment_measures": "IP allowlisting, full configuration reset for new installations",
    "remediation_measures": "Hot fix released by Cisco"
  },
  "stakeholder_advisories": "Urgent advisory issued by Cisco",
  "title": "High-Severity Vulnerability in Cisco Identity Services Engine (CVE-2025-20286)",
  "type": "Vulnerability Exploitation",
  "vulnerability_exploited": "CVE-2025-20286"
}