Threat and Vulnerability Intelligence Database

Example Searches:

	🏴‍☠️ Qilin has just published a new victim : cityofbelvedere.org Description: All data of this company will be available for download on 18.06.2025.Belvedere is one of the smallest and oldest cities in California. It was incorporated in 1896 and is located north of San Francisco across the Golden Gate Bridge in Marin C ... Source: Ransomware.live June 5th, 2025 (about 4 hours ago)
	Cisco Warns of Credential Vuln on AWS, Azure, Oracle Cloud Description: The vulnerability, with a 9.9 CVSS score on a 10-point scale, results in different Cisco ISE deployments all sharing the same credentials as long as the software release and cloud platform remain the same. Source: Dark Reading June 5th, 2025 (about 6 hours ago)
	Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine Description: Cisco Talos observed a destructive attack on a critical infrastructure entity within Ukraine, using a previously unknown wiper we are calling “PathWiper.” Source: Cisco Talos Blog June 5th, 2025 (about 15 hours ago)
	Cisco warns of ISE and CCP flaws with public exploit code Description: Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. [...] Source: BleepingComputer June 4th, 2025 (1 day ago)
	Alleged sale of Cisco ISE Pre-auth Remote Code Execution (0day) Exploit Description: Alleged sale of Cisco ISE Pre-auth Remote Code Execution (0day) Exploit Source: DarkWebInformer June 4th, 2025 (1 day ago)
CVE-2025-20273	Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting Vulnerability Description: A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco plans to release software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-icm-xss-cfcqhXAg Security Impact Rating: Medium CVE: CVE-2025-20273 Source: Cisco Security Advisory June 4th, 2025 (1 day ago)
CVE-2025-20286	Cisco Identity Services Engine on Cloud Platforms Static Credential Vulnerability Description: A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. This vulnerability exists because credentials are improperly generated when Cisco ISE is being deployed on cloud platforms, resulting in different Cisco ISE deployments sharing the same credentials. These credentials are shared across multiple Cisco ISE deployments as long as the software release and cloud platform are the same. An attacker could exploit this vulnerability by extracting the user credentials from Cisco ISE that is deployed in the cloud and then using them to access Cisco ISE that is deployed in other cloud environments through unsecured ports. A successful exploit could allow the attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. Note: If the Primary Administration node is deployed in the cloud, then Cisco ISE is affected by this vulnerability. If the Primary Administration node is on-premises, then it is not affected. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https:... Source: Cisco Security Advisory June 4th, 2025 (1 day ago)
CVE-2025-20130	Cisco Identity Services Engine Arbitrary File Upload Vulnerability Description: A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-file-upload-P4M8vwXY Security Impact Rating: Medium CVE: CVE-2025-20130 Source: Cisco Security Advisory June 4th, 2025 (1 day ago)
CVE-2025-20163	Cisco Nexus Dashboard Fabric Controller SSH Host Key Validation Vulnerability Description: A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due to insufficient SSH host key validation. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on SSH connections to Cisco NDFC-managed devices, which could allow an attacker to intercept this traffic. A successful exploit could allow the attacker to impersonate a managed device and capture user credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-shkv-snQJtjrp Security Impact Rating: High CVE: CVE-2025-20163 Source: Cisco Security Advisory June 4th, 2025 (1 day ago)
CVE-2025-20259	Cisco ThousandEyes Endpoint Agent for Windows Arbitrary File Delete Vulnerabilities Description: Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These vulnerabilities are due to improper access controls on files that are in the local file system. An attacker could exploit these vulnerabilities by using a symbolic link to perform an agent upgrade that redirects the delete operation of any protected file. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-te-endagent-filewrt-zNcDqNRJ Security Impact Rating: Medium CVE: CVE-2025-20259 Source: Cisco Security Advisory June 4th, 2025 (1 day ago)