Critical Cisco ISE Vulnerability Exposes Cloud Deployments to Unauthorized Access

In June 2025, Cisco disclosed a critical vulnerability in its Identity Services Engine (ISE), designated as CVE-2025-20286. This flaw has significant implications for organizations utilizing cloud deployments across major platforms.
The vulnerability arises from the generation of static credentials during the deployment of Cisco ISE on cloud platforms. Specifically, all instances of a particular Cisco ISE release on a given cloud platform share the same credentials. For instance, every Cisco ISE 3.1 deployment on AWS would have identical credentials.
The following Cisco ISE versions are impacted:
It’s important to note that this vulnerability affects only cloud deployments where the Primary Administration node is deployed in the cloud. On-premises deployments remain unaffected.
Potential Exploitation
An attacker who obtains the static credentials could potentially:
Cisco has acknowledged the existence of a proof-of-concept exploit but has not observed any malicious exploitation in the wild. To mitigate the risks associated with this vulnerability, Cisco recommends:
Organizations are urged to act promptly to address this vulnerability and safeguard their cloud-based Cisco ISE deployments.
In the rapidly evolving cybersecurity landscape, staying informed about recent vulnerabilities, threats, and advisories is critical. This week’s digest covers […]
Threat actors have historically targeted Atlassian vulnerabilities in products affected by the four vulnerabilities described below to achieve goals such […]
Cisco fixed a vulnerability in the web-based management interface of the Firepower Management Center (FMC) Software, identified as CVE-2024-20360 (CVSS […]