Cisco patches critical flaw affecting Identity Services Engine

Cisco has issued patches for three vulnerabilities affecting its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) services.

The three flaws, tracked as CVE-2025-20286, CVE-2025-20130, and CVE-2025-20129, included critical vulnerability with a rating of 9.9/10 which also included a public proof of concept exploit.

Highest on the list priorities for customers was CVE-2025-20286, which was detailed as a ‘static credential vulnerability’ by the tech giant.

Primarily affecting ISE deployments in AWS, Azure, and Oracle Cloud Infrastructure (OCI), this could allow unauthorized parties to access sensitive data, execute “limited” administrative operations, and modify system configurations.

Cisco said this vulnerability arose because credentials are “improperly generated” when ISE is deployed on cloud platforms. This means that different ISE deployments share the same credentials.

“These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same,” the company said.

"An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports.”

Cisco noted that a threat actor could only access affected ISE instances if the Primary Administration node is deployed in the cloud. On the other hand, if it’s deployed on-premises, there is no vulnerability.

The networking giant added that there are no workarounds that address this vulnerability, urging enterprises to patch immediately.

Two more Cisco flaws patched

The two other vulnerabilities patched by Cisco this week aren’t on the same scale in terms of severity, both recording a CVSS score of 4.9.

CVE-2025-20129 is a vulnerability affecting the web-based chat interface of Cisco’s Customer Collaboration Platform (CCP). This, the company explained, could allow an authenticated user to "persuade users to disclose sensitive data”.

“This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface,” Cisco said in an advisory.

Essentially, threat actors could exploit this flaw by sending specially crafted HTTP requests to the chat interface of a user on a vulnerable server.

“A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.”

CVE-2025-20130, which also affects ISE and Cisco ISE Passive Identity Connector (ISE-PIC), could allow an attacker with admin privileges to upload files to a compromised device.

“This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint,” the company said. “A successful exploit could allow the attacker to upload arbitrary files to an affected system.”