POC详情: 3c391009196bb87cb34a766917b06d713b1b433d

来源
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-20281.yaml
关联漏洞
标题: Cisco ISE和Cisco ISE-PIC 注入漏洞 (CVE-2025-20281)
描述:Cisco ISE和Cisco ISE-PIC都是美国思科(Cisco)公司的产品。Cisco ISE是一个 NAC 解决方案。用于管理零信任架构中的端点、用户和设备对网络资源的访问。Cisco ISE-PIC是一个组件。 Cisco ISE和Cisco ISE-PIC存在注入漏洞,该漏洞源于输入验证不足,可能导致执行任意代码。
描述
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
文件快照

 id: CVE-2025-20281

info:
  name: Cisco ISE - Remote Code Execution
  author: daffainfo
  severity: 

...
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。