Cisco warns of ISE cloud credential vulnerability

Cisco has issued an urgent advisory for a high-severity vulnerability in its Identity Services Engine affecting cloud deployments, with a CVSS score of 9.9 and publicly available proof-of-concept exploit code, reports Cyber Security News.

The flaw, tracked as CVE-2025-20286, arises from improperly generated static credentials that are reused across identical ISE versions on the same cloud platform, such as AWS, Azure, and Oracle Cloud Infrastructure. This means attackers could use credentials from one compromised ISE instance to access others. On-premises installations and hybrid models remain unaffected. The vulnerability spans ISE versions 3.1 to 3.4, with AWS affected across all four and Azure and OCI vulnerable from versions 3.2 to 3.4. Cisco has released an immediate hot fix and recommends IP allowlisting and a full configuration reset for new installations. While there is no current evidence of active exploitation, Cisco’s PSIRT confirms the vulnerability is serious, especially in cloud-native deployments with the Primary Admin node hosted in the cloud.
