Cisco Patches Critical ISE Vulnerability With Public PoC
securityweek
Cisco this week announced fixes for a dozen vulnerabilities in its products, including a critical-severity flaw impacting the cloud deployments of Identity Services Engine (ISE) for which proof-of-concept (PoC) code exists.
The critical issue, tracked as CVE-2025-20286 (CVSS score of 9.9), exists because credentials are improperly generated when deploying ISE on Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI).
Because the improperly generated credentials are shared across multiple ISE deployments running the same release, an attacker could use them to access ISE instances in different cloud environments.
“A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems,” Cisco says.
The issue only impacts ISE instances in which the Primary Administration node is deployed in the cloud, the tech giant says.
Cisco warns in its advisory that there are no workarounds for ...