CVE-2025-20281
Cisco ISE API Unauthenticated Remote Code Execution Vulnerability
In short
Cisco ISE has a critical flaw in its API that lets anyone on the internet run malicious code with full control of the system, without needing a password or login credentials.
Technical detail
An API in Cisco ISE and ISE-PIC lacks proper input validation (CWE-74), allowing an unauthenticated remote attacker to submit a crafted request and execute arbitrary code with root privileges. No authentication or valid credentials are required; successful exploitation results in complete system compromise.
Summary generated and translated by AI from the official description.
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Cisco · Cisco Identity Services Engine Software
Public PoCs found — 4
github: github.com/abrewer251/CVE-2025-20281-2-Cisco-ISE-RCE ★ 21
github: github.com/grupooruss/CVE-2025-20281-Cisco ★ 7
github: github.com/ill-deed/Cisco-CVE-2025-20281-illdeed ★ 5
cve_reference: www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-20281
https://www.zerodayinitiative.com/blog/2025/7/24/cve-2025-20281-cisco-ise-api-unauthenticated-remote-code-execution-vulnerability