CVE-2025-20282
CRITICAL EXPLOITEDCisco Identity Services Engine and ISE-PIC - Unauthenticated Arbitrary File Upload and Remote Code Execution
Title source: llmExploitation Summary
CVE-2025-20282 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 7 public exploits from researchers including adminlove520, skadevare, pairofglasses.
AI-analyzed exploit summary This repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and functional code.
Description
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system.
Exploits (7)
This repository contains functional exploit code for multiple CVEs, including authentication bypass vulnerabilities in TOTOLINK devices and a scanner for Fortinet SSL VPN (CVE-2024-21762). The PoCs demonstrate the vulnerabilities with clear technical details and functional code.
This PoC exploits a vulnerability in Cisco ISE by manipulating the `isehourlycron.sh` script to execute arbitrary commands. It includes functionality to reset the system and inject commands via a crafted payload.
This repository contains a functional exploit for CVE-2025-20282, targeting Cisco ISE with an unauthenticated RCE via ZIP file upload and JSP webshell deployment. The exploit uploads a malicious JSP file to a vulnerable endpoint and executes commands via a reverse shell.
This repository contains a functional exploit for CVE-2025-20282, demonstrating unauthenticated remote code execution (RCE) on Cisco ISE. The exploit uploads a JSP webshell via a ZIP file and executes commands through a crafted HTTP request.
This repository contains a functional exploit for CVE-2025-20282, targeting Cisco ISE with an unauthenticated RCE via ZIP file upload and JSP webshell deployment. The exploit uploads a malicious JSP file to a vulnerable endpoint and executes commands via a crafted HTTP request.
This repository contains a functional exploit for CVE-2025-20282, targeting Cisco ISE with an unauthenticated RCE via ZIP file upload and JSP webshell deployment. The exploit leverages a path traversal vulnerability to drop a webshell and execute commands.
This repository contains a functional exploit for CVE-2025-20282, targeting Cisco ISE with an unauthenticated RCE via ZIP file upload and JSP webshell deployment. The exploit leverages a path traversal vulnerability to drop a malicious JSP file and execute arbitrary commands.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H