By Divya
Publication Date: 2025-11-13 05:29:00
Amazon’s threat intelligence team has uncovered a sophisticated cyber campaign exploiting previously undisclosed zero-day vulnerabilities in critical enterprise infrastructure.
Advanced threat actors are actively targeting Cisco Identity Services Engine (ISE) and Citrix systems, deploying custom webshells to gain unauthorized administrative access to compromised networks.

| CVE ID | Affected Product | Severity | Status |
|---|---|---|---|
| CVE-2025-20337 | Cisco Identity Services Engine (ISE) | Critical | Zero-day (Active Exploitation) |
| CVE-2025-5777 | Citrix Systems | Critical | Zero-day (Active Exploitation) |

Initial Discovery
The threat was first identified through Amazon’s MadPot honeypot service, which detected exploitation attempts against the Citrix Bleed Two vulnerability (CVE-2025-5777) before public disclosure.
This early detection revealed that sophisticated threat actors had already weaponized the vulnerability as a zero-day in the wild.
During the investigation, Amazon Threat Intelligence discovered a companion zero-day…