CVE-2025-20281 PoC — Cisco ISE和Cisco ISE-PIC 注入漏洞

Source

https://github.com/abrewer251/CVE-2025-20281-2-Cisco-ISE-RCE

Associated Vulnerability

Title:Cisco ISE和Cisco ISE-PIC 注入漏洞 (CVE-2025-20281)
Description:Cisco ISE和Cisco ISE-PIC都是美国思科（Cisco）公司的产品。Cisco ISE是一个 NAC 解决方案。用于管理零信任架构中的端点、用户和设备对网络资源的访问。Cisco ISE-PIC是一个组件。 Cisco ISE和Cisco ISE-PIC存在注入漏洞，该漏洞源于输入验证不足，可能导致执行任意代码。

Description

Unauthenticated Python PoC for CVE-2025-20281 RCE against ISE ERS API

Readme

# CVE-2025-20281-2-Cisco-ISE-RCE
Unauthenticated Python PoC for CVE-2025-20281 RCE against Cisco ISE ERS API

# CVE-2025-20281 Unauthenticated PoC

A minimal Python proof-of-concept that exploits the unauthenticated RCE in Cisco ISE’s ERS API (CVE-2025-20281) by injecting arbitrary shell commands into the `InternalUser` resource.  

> **Warning:** Only run against systems you own or have explicit permission to test. Misuse of this tool is illegal.

## Features

- No authentication required  
- Supports two modes:
  - `--whoami` to run `whoami` on the target and display the HTTP response  
  - `--reverse` to spawn a bash reverse shell back to your listener

This script is based on the version loaded here :contentReference[oaicite:2]{index=2}.

## Prerequisites

- Python 3.6+  
- Install dependencies:
  ```bash
  pip install requests urllib3

File Snapshot


 [4.0K]  /data/pocs/e81ec6804040257756ba7c55e2cc7a61d43f4594
├── [1.0K]  LICENSE
├── [1.7K]  PoC.py
└── [ 854]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!