
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
A critical vulnerability (CVE-2025-20286) has been discovered in Cisco Identity Services Engine (ISE) cloud deployments affecting AWS, Microsoft Azure, and Oracle Cloud Infrastructure (OCI). The vulnerability, discovered by Kentaro Kawane of GMO Cybersecurity, was disclosed on June 4, 2025, and carries a CVSS score of 9.9. This security flaw affects ISE versions 3.1 through 3.4 on AWS, and versions 3.2 through 3.4 on both Azure and OCI platforms when the Primary Administration node is deployed in the cloud (Cisco Advisory).
The vulnerability stems from improper credential generation during Cisco ISE cloud platform deployments, resulting in shared static credentials across different deployments using the same software release and cloud platform. For instance, all instances of Release 3.1 on AWS share identical static credentials, though these credentials are not valid across different platforms or versions. The vulnerability is tracked as CWE-259 (Use of Hard-coded Password) and has received a critical CVSS v3.1 base score of 9.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H) (NVD, Cisco Advisory).
Successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. The vulnerability only affects deployments where the Primary Administration node is in the cloud; on-premises deployments are not impacted (Hacker News, Cisco Advisory).
While there are no direct workarounds for this vulnerability, Cisco recommends several mitigation strategies: restrict access to the ISE instance by allowing only trusted source IP addresses via cloud security groups; use the 'application reset-config ise' command on fresh installations to reset default credentials (note that this resets the system to factory defaults); and allow source IPs at Cisco ISE through the UI. Cisco has also released software updates and hot fixes for affected versions, with fixed releases planned for version 3.3P8 (November 2025), 3.4P3 (October 2025), and 3.5 (August 2025) (Cisco Advisory).
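To triage an estate against the conditions and the source-IP mitigation described above, the following Python is an added example, not code from Cisco's advisory or from this database. The inventory layout, deployment names, and trusted ranges are constructed assumptions; security group ingress is modelled as a plain list of CIDRs.

```python
import ipaddress
import re

# Affected major.minor ranges (inclusive) per platform, as stated on this page.
AFFECTED = {"aws": ((3, 1), (3, 4)), "azure": ((3, 2), (3, 4)), "oci": ((3, 2), (3, 4))}

def is_affected(platform, version, pan_in_cloud):
    """True if in an affected range above; patch/hot-fix level is not evaluated."""
    m = re.match(r"(\d+)\.(\d+)", version)
    if m is None:
        raise ValueError(f"unparsable ISE version: {version!r}")  # fail closed
    rng = AFFECTED.get(platform.lower())
    if rng is None or not pan_in_cloud:
        return False  # unlisted platform, or Primary Administration node on-premises
    return rng[0] <= (int(m.group(1)), int(m.group(2))) <= rng[1]

def untrusted_sources(ingress_cidrs, trusted_cidrs):
    """Return ingress CIDRs that are not fully inside any trusted network."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    flagged = []
    for cidr in ingress_cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if not any(net.version == t.version and net.subnet_of(t) for t in trusted):
            flagged.append(cidr)
    return flagged

def triage(inventory, trusted_cidrs):
    """List affected deployments with the ingress sources that need tightening."""
    return [
        {"name": d["name"], "untrusted": untrusted_sources(d["ingress"], trusted_cidrs)}
        for d in inventory
        if is_affected(d["platform"], d["version"], d["pan_in_cloud"])
    ]

# Constructed sample data (documentation address ranges, hypothetical names).
TRUSTED = ["203.0.113.0/24", "2001:db8:10::/48"]
INVENTORY = [
    {"name": "ise-aws-a", "platform": "AWS", "version": "3.1", "pan_in_cloud": True,
     "ingress": ["0.0.0.0/0", "203.0.113.16/28"]},
    {"name": "ise-azure-a", "platform": "Azure", "version": "3.1", "pan_in_cloud": True,
     "ingress": ["0.0.0.0/0"]},
    {"name": "ise-oci-a", "platform": "OCI", "version": "3.3", "pan_in_cloud": True,
     "ingress": ["203.0.113.0/25", "2001:db8:10:1::/64"]},
    {"name": "ise-aws-b", "platform": "AWS", "version": "3.4", "pan_in_cloud": False,
     "ingress": ["198.51.100.0/24"]},
]

if __name__ == "__main__":
    print(*triage(INVENTORY, TRUSTED), sep="\n")
```

A deployment listed with an empty `untrusted` list is still in an affected range; it only means its ingress is already limited to the trusted networks.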
Source: This report was generated using AI