Critical Vulnerability in Cisco ISE
6 June 2025
Cisco has released security updates addressing a critical vulnerability (CVE-2025-20286) in its Identity Services Engine (ISE).
Background
Cisco has released security updates addressing a critical vulnerability (CVE-2025-20286) in its Identity Services Engine (ISE). The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.9 out of 10. Proof-of-concept exploit code targeting this vulnerability is reported to be available.
Impact
Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems.
Affected Products
The vulnerability affects the following releases of Cisco ISE in the default configuration when deployed on the Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud Infrastructure (OCI) platforms:
AWS - Cisco ISE 3.1, 3.2, 3.3, and 3.4
Azure - Cisco ISE 3.2, 3.3, and 3.4
OCI - Cisco ISE 3.2, 3.3, and 3.4
Mitigation
Users and administrators of affected products are advised to update to the latest versions immediately.
Users and administrators who are unable to update their affected products immediately are advised to apply the following mitigation measures:
Use security groups on the cloud platform to allow only the source IP addresses of customer administrators, so that access is restricted exclusively to authorised administrators before traffic reaches the Cisco ISE instance. This will effectively block any potentially malicious connections.
Allow only the source IP addresses of customer administrators in Cisco ISE itself.
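One way to verify the security-group mitigation on AWS is to audit exported rules against the administrator allowlist. The following is an added example, not code from Cisco or from this advisory; it assumes input in the shape of `aws ec2 describe-security-groups` JSON output, and the group ID, ports and CIDR ranges are constructed sample values, not a statement of which ports Cisco ISE uses.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-EXAMPLE-ise", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "198.51.100.0/28"}, {"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "198.51.100.4/32"}, {"CidrIp": "203.0.113.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]}

# Assumption: the administrators' source networks (documentation range here).
ADMIN_NETS = ["198.51.100.0/28"]


def rule_sources(perm):
    """Yield every IPv4 and IPv6 source CIDR of one ingress permission."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def is_allowed(cidr, admin_nets):
    """True only if the rule's CIDR lies entirely inside an admin network."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == a.version and net.subnet_of(a) for a in admin_nets)


def audit(doc, admin_cidrs):
    """Return (group, protocol, ports, source) for each rule wider than the allowlist."""
    admin_nets = [ipaddress.ip_network(c, strict=False) for c in admin_cidrs]
    findings = []
    for sg in doc.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            ports = (perm.get("FromPort"), perm.get("ToPort"))
            for cidr in rule_sources(perm):
                if not is_allowed(cidr, admin_nets):
                    findings.append((sg["GroupId"], perm["IpProtocol"], ports, cidr))
            # Sources given as other groups or prefix lists cannot be judged by CIDR.
            if perm.get("UserIdGroupPairs") or perm.get("PrefixListIds"):
                findings.append((sg["GroupId"], perm["IpProtocol"], ports, "non-CIDR source"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, ADMIN_NETS):
        print(finding)
```

An empty result means every CIDR-based ingress rule on the audited groups is confined to the administrator networks; any finding is a rule to tighten or remove.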