Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-20281 PoC — Cisco ISE API Unauthenticated Remote Code Execution Vulnerability

Source
https://github.com/abrewer251/CVE-2025-20281-2-Cisco-ISE-RCE
Associated Vulnerability
Title:Cisco ISE API Unauthenticated Remote Code Execution Vulnerability (CVE-2025-20281)
Description:A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
Description
Unauthenticated Python PoC for CVE-2025-20281 RCE against ISE ERS API
Readme
# CVE-2025-20281-2-Cisco-ISE-RCE
Unauthenticated Python PoC for CVE-2025-20281 RCE against Cisco ISE ERS API

# CVE-2025-20281 Unauthenticated PoC

A minimal Python proof-of-concept that exploits the unauthenticated RCE in Cisco ISE’s ERS API (CVE-2025-20281) by injecting arbitrary shell commands into the `InternalUser` resource.  

> **Warning:** Only run against systems you own or have explicit permission to test. Misuse of this tool is illegal.

## Features

- No authentication required  
- Supports two modes:
  - `--whoami` to run `whoami` on the target and display the HTTP response  
  - `--reverse` to spawn a bash reverse shell back to your listener

This script is based on the version loaded here :contentReference[oaicite:2]{index=2}.

## Prerequisites

- Python 3.6+  
- Install dependencies:
  ```bash
  pip install requests urllib3
File Snapshot

 [4.0K]  /data/pocs/e81ec6804040257756ba7c55e2cc7a61d43f4594
├── [1.0K]  LICENSE
├── [1.7K]  PoC.py
└── [ 854]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →