Amazon Discovers Advanced Threat Exploiting Cisco and Citrix Zero-Day Vulnerabilities

Grace N
1 day ago
1 min read

Amazon’s threat intelligence team has uncovered a sophisticated attack exploiting previously undisclosed zero-day vulnerabilities in Cisco and Citrix systems. Through its MadPot honeypot service, Amazon detected exploitation attempts targeting Citrix's Bleed Two vulnerability (CVE-2025-5777) and a critical flaw in Cisco Identity Service Engine (ISE) (CVE-2025-20337).

The attack involved custom malware that enabled remote code execution on Cisco ISE systems, granting attackers administrator-level access. The threat actor used advanced techniques, including deploying a custom web shell disguised as a legitimate Cisco ISE component, to evade detection.

This highlights the growing trend of attackers targeting critical infrastructure like identity and network access control systems. Amazon urges security teams to enhance defenses and limit access to vulnerable components to mitigate such threats.

https://aws.amazon.com/blogs/security/amazon-discovers-apt-exploiting-cisco-and-citrix-zero-days/

Amazon Discovers Advanced Threat Exploiting Cisco and Citrix Zero-Day Vulnerabilities

Comments

Recent Posts

Atlassian AWS Graviton Migration: How Graviton CPUs Cut Cloud Costs by 10%

Amazon Web Services to Double Data Center Capacity in Israel with New 60,000 sqm Facility

Amazon Discovers Advanced Threat Exploiting Cisco and Citrix Zero-Day Vulnerabilities

Verizon and AWS Partner to Power the Next Wave of AI with Advanced Fiber Infrastructure

AWS Partners with DP World Tour to Revolutionize Golf with AI and Cloud Technology

Get In Touch

Headquarters

Seoul Office