Skip to main content
A Singapore Government Agency Website How to identify
Official website links end with .gov.sg
Government agencies communicate via .gov.sg websites (e.g. go.gov.sg/open). Trusted websites
Secure websites use HTTPS
Look for a lock () or https:// as an added precaution. Share sensitive information only on official, secure websites.

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerability in Cisco ISE

6 June 2025

Cisco has released security updates addressing a critical vulnerability (CVE-2025-20286) in its Identity Services Engine (ISE).

Background

Cisco has released security updates addressing a critical vulnerability (CVE-2025-20286) in its Identity Services Engine (ISE). The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.9 out of 10. The proof-of-concept exploit code targeting this vulnerability is reported to be available.

Impact

Successful exploitation of the vulnerability could allow an unauthenticated and remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. 

Affected Products

The vulnerabilities affect the following releases of Cisco ISE in the default configuration when it is deployed on Amazon Web Services (AWS), Microsoft Azure and Oracle Cloud Infrastructure (OCI) platforms: 

  • AWS - Cisco ISE 3.1, 3.2, 3.3, and 3.4

  • Azure - Cisco ISE 3.2, 3.3, and 3.4

  • OCI - Cisco ISE 3.2, 3.3, and 3.4

Mitigation

Users and administrators of affected products are advised to update to the latest versions immediately.

Users and administrators who are unable to update their affected products immediately are advised to perform the following mitigation measures:

  • Allow the source IP addresses of Customer Administrators that use security groups on cloud platforms to restrict access exclusively to authorised administrators before traffic reaches the Cisco ISE instance. This will effectively block any potentially malicious connections.

  • Allow the source IPs of Customer Administrators at Cisco ISE.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-aws-static-cred-FPMjUcm7

https://thehackernews.com/2025/06/critical-cisco-ise-auth-bypass-flaw.html

https://nvd.nist.gov/vuln/detail/CVE-2025-20286

Back to top