Cisco warns over worrying security flaws in ISE affecting AWS, Azure cloud deployments - here's what you need to know

Credentials are being shared across instances

· TechRadar

News By Sead Fadilpašić published 5 June 2025

(Image credit: Shutterstock / Ken Wolter)

  • Cisco patches three vulnerabilities in ISE and CCP tools
  • One of the three has a 9.9/10 severity score
  • Some ISE deployments are not vulnerable

Cisco has patched three vulnerabilities in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) tools, including a critical-severity issue which has a public proof-of-concept (PoC) exploit.

Recently, three vulnerabilities were discovered, now tracked as CVE-2025-20286, CVE-2025-20130, and CVE-2025-20129. The former is described as a static credential reuse vulnerability, found in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of ISE.

It has a severity score of 9.9/10 (critical), and stems from improper generation of login credentials, when ISE is deployed on cloud platforms. As a result, different Cisco ISE deployments can share the same credentials, as long as the software release and cloud platform are the same.

Proof of Concept available

As a result, threat actors could access ISE instances deployed in other cloud environments through unsecured ports, gaining access to sensitive data, being able to execute limited admin operations, modify system configurations, and even disrupt different services.

The silver lining here is that the flaw is exploitable only if the Primary Administration node is deployed in the cloud. If it’s on-prem, then the instance is not vulnerable.

"The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory,” Cisco said.

ISE is a security policy management platform that provides secure network access control and visibility for devices and users, and CCP is a collaboration platform, allowing businesses to engage with their customers.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors