Cisco Warns of Critical Vulnerability in Cloud Deployments Exposing Sensitive Data

Cisco has issued a warning regarding a critical vulnerability found within its Identity Services Engine (ISE) deployments on major cloud platforms, including Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI). This security flaw, tracked as CVE-2025-20286, has been assigned a CVSS score of 9.9, indicating a severe risk that could allow remote threat actors unauthorized access to sensitive data and the ability to modify system configurations.

The vulnerability arises during the deployment of Cisco ISE on cloud platforms, where incorrectly generated credentials lead to multiple deployments sharing the same authentication information. Researchers have dubbed this issue a “static credential vulnerability,” which means that if an attacker extracts credentials from one cloud-based instance, they can potentially access other Cisco ISE instances deployed in different environments through unsecured ports.
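The following is an added illustration of the class of defect described above, not Cisco's code and not a description of how ISE actually derives its credentials. The two generator functions are hypothetical: one derives a secret only from values that every deployment of a release on a platform shares (so every such deployment gets the same credential), the other draws fresh randomness per deployment. The audit helpers show what a defender can do with an inventory: compare one-way fingerprints of each instance's credential, never the secrets themselves, and flag instances that report the same fingerprint. Instance names are constructed, and the affected platform/version list is the one given in this article.

```python
import hashlib
import secrets
from collections import defaultdict

# Affected platform/version combinations as listed in the article (CVE-2025-20286).
AFFECTED_VERSIONS = {
    "AWS": {"3.1", "3.2", "3.3", "3.4"},
    "Azure": {"3.2", "3.3", "3.4"},
    "OCI": {"3.2", "3.3", "3.4"},
}


def is_affected(platform: str, version: str) -> bool:
    """True if this platform/version pair is in the article's affected list."""
    return version in AFFECTED_VERSIONS.get(platform, set())


def flawed_credential(platform: str, version: str) -> bytes:
    """Hypothetical FLAWED generator (illustration only, not Cisco's code):
    the secret is derived solely from values that every deployment of a
    given release on a given platform shares, so every such deployment ends
    up with the same credential. Nothing per-deployment enters the mix."""
    seed = f"{platform}:{version}".encode()
    return hashlib.sha256(seed).digest()


def fixed_credential(platform: str, version: str) -> bytes:
    """Hardened generator: the credential comes from the OS CSPRNG at
    deployment time, so two deployments never share it. Platform and
    version are deliberately ignored; they must not influence the secret."""
    del platform, version  # not inputs to the secret
    return secrets.token_bytes(32)


def credential_fingerprint(credential: bytes) -> str:
    """One-way fingerprint so instances can be compared for credential
    reuse without the audit ever collecting the secrets themselves."""
    return hashlib.sha256(b"ise-audit-fp-v1:" + credential).hexdigest()[:16]


def find_shared_credentials(inventory):
    """inventory: iterable of (instance_name, platform, version, fingerprint).
    Returns {fingerprint: [instance names]} for every fingerprint reported
    by more than one instance, i.e. credentials that are shared and must be
    regenerated per deployment."""
    by_fp = defaultdict(list)
    for name, _platform, _version, fp in inventory:
        by_fp[fp].append(name)
    return {fp: sorted(names) for fp, names in by_fp.items() if len(names) > 1}


def build_demo_inventory():
    """Constructed sample fleet (names are made up): two AWS 3.4 instances
    provisioned by the flawed generator, one Azure 3.3 instance from the same
    flawed generator, and one AWS 3.4 instance re-provisioned correctly."""
    return [
        ("ise-aws-us", "AWS", "3.4", credential_fingerprint(flawed_credential("AWS", "3.4"))),
        ("ise-aws-eu", "AWS", "3.4", credential_fingerprint(flawed_credential("AWS", "3.4"))),
        ("ise-azure-1", "Azure", "3.3", credential_fingerprint(flawed_credential("Azure", "3.3"))),
        ("ise-aws-ap", "AWS", "3.4", credential_fingerprint(fixed_credential("AWS", "3.4"))),
    ]


def audit(inventory):
    """Triage: which instances run an affected release, and which of them
    demonstrably share a credential with another instance in the inventory."""
    shared = find_shared_credentials(inventory)
    shared_names = {n for names in shared.values() for n in names}
    return {
        "affected_release": sorted(n for n, p, v, _ in inventory if is_affected(p, v)),
        "sharing_credential": sorted(shared_names),
    }


if __name__ == "__main__":
    for key, names in audit(build_demo_inventory()).items():
        print(f"{key}: {', '.join(names)}")
```

Two points the sample output makes explicit: the fingerprint comparison only proves sharing among instances you can see, so the lone Azure instance is not flagged even though it came from the same flawed generator, which is why the version triage is reported separately and should drive remediation on its own; and the correctly provisioned AWS instance shares nothing with its siblings despite identical platform and release, which is the property a per-deployment generator must guarantee.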

According to recent statements from security researchers, the implications of this vulnerability could be significant. A successful attack may enable an attacker to access sensitive information, execute limited administrative functions, and alter system configurations or disrupt services on the affected systems. Further information detailing the potential impact can be found in the Cisco Security Advisory.

This vulnerability is present in several versions of Cisco ISE deployed across different platforms, specifically AWS versions 3.1, 3.2, 3.3, and 3.4; Azure versions 3.2, 3.3, and 3.4; as well as OCI versions 3.2, 3.3, and 3.4. Cisco has acknowledged the existence of a proof-of-concept exploit for this issue, although no evidence suggests that it has been actively exploited in real-world scenarios.