Cisco has announced patches addressing three critical vulnerabilities affecting its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP), with exploit code publicly available. According to security experts, the most severe of these is tracked as CVE-2025-20286. It was discovered by Kentaro Kawane of GMO Cybersecurity and poses significant risks for users deploying Cisco ISE in cloud environments.
This critical issue stems from improperly generated static credentials in cloud deployments of Cisco ISE, which can result in shared credentials across multiple installations. As a result, unauthenticated attackers may exploit this flaw to extract user credentials and gain unauthorized access to other installations in different cloud environments. Cisco clarified that the vulnerability is particularly concerning for users with the Primary Administration node deployed in the cloud.
Cisco explained, “A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, or modify system configurations.” The company has acknowledged that proof-of-concept exploit code is now circulating, underscoring the urgency for users to apply the necessary patches.
In addition to the critical credential flaw, Cisco’s updates address an arbitrary file upload vulnerability (CVE-2025-20130) affecting Cisco ISE and an information disclosure issue (CVE-2025-20129) in the CCP. The company advises administrators who cannot yet apply the hotfixes to run the command _application reset-config ise_ on the Primary Administration persona cloud node. This resets Cisco ISE to factory settings, which puts existing configurations at risk.
This series of vulnerabilities adds to Cisco’s recent history of security issues, including a command injection vulnerability disclosed in September that allowed attackers to escalate privileges to root on unpatched systems (BleepingComputer). Cisco has confirmed it is actively addressing these critical vulnerabilities and emphasizes the importance of immediate action from its users.