CVE-2025-20281

CRITICAL KEV NUCLEI

Cisco ISE - RCE

Title source: llm

Description

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.

Exploits (4)

nomisec WORKING POC 20 stars
by abrewer251 · remote
https://github.com/abrewer251/CVE-2025-20281-2-Cisco-ISE-RCE
nomisec SCANNER 6 stars
by grupooruss · poc
https://github.com/grupooruss/CVE-2025-20281-Cisco
nomisec WORKING POC 5 stars
by ill-deed · remote
https://github.com/ill-deed/Cisco-CVE-2025-20281-illdeed

Nuclei Templates (1)

Cisco ISE - Remote Code Execution
CRITICALVERIFIEDby daffainfo
Shodan: "Set-Cookie: APPSESSIONID=" "Path=/admin"
FOFA: title="identity services engine"

References (3)

Scores

CVSS v3 10.0
EPSS 0.3603
EPSS Percentile 97.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CISA KEV 2025-07-28
VulnCheck KEV 2025-07-13
ENISA EUVD EUVD-2025-19167
CWE
CWE-74
Status published
Products (4)
cisco/identity_services_engine 3.3.0 (7 CPE variants)
cisco/identity_services_engine 3.4.0 (2 CPE variants)
cisco/identity_services_engine_passive_identity_connector 3.3.0 (7 CPE variants)
cisco/identity_services_engine_passive_identity_connector 3.4.0 (2 CPE variants)
Published Jun 25, 2025
KEV Added Jul 28, 2025
Tracked Since Feb 18, 2026