Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.
PoC: Blackash-CVE-2025-20281
CVE-2025-20281
PoC: Cisco-CVE-2025-20281-illdeed
Unauthenticated Remote Code Execution exploit for CVE-2025-20281 in Cisco ISE ERS API. Execute commands or launch reverse shells as root — no authentication required.
PoC: CVE-2025-20281-Cisco
This script checks for the presence of the **CVE-2025-20281** vulnerability in Cisco Identity Services Engine (ISE) and ISE-PIC, which allows **unauthenticated remote code execution (RCE)** as root due to insufficient input validation in a specific API.
PoC: CVE-2025-20281-2-Citrix-ISE-RCE
Unauthenticated Python PoC for CVE-2025-20281 RCE against Cisco ISE ERS API
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free