CVE-2025-20286

On June 4, 2025, Cisco released fixes for multiple vulnerabilities including CVE-2025-20286, a cloud-only flaw in Cisco Identity Services Engine (ISE) that can allow unauthenticated remote access, administrative actions, and data exposure due to identically generated credentials across cloud-deployed instances; two additional medium-severity issues (including CVE-2025-20129) with publicly available proof-of-concept exploit code were also disclosed. Arctic Wolf strongly recommends upgrading to the listed fixed releases and following organizational patching/testing processes; no exploitation has been observed to date.